Cross-tenant access to Azure subscription via Azure AD

Christian van Eickelen 1 Reputation point
2023-01-06T12:53:41.967+00:00

Hello guys,

A short and simple question: is it possible to grant access to an Azure subscription to users from an external Azure AD via B2B collaboration?

Thanks for help!

Greetz,
Chris


3 answers

  1. TP 125.9K Reputation points Volunteer Moderator
    2023-01-06T14:08:44.317+00:00

    Hi,

    Yes, you can grant external users access to an Azure subscription. Please see article below:

    B2B collaboration overview

    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b

    Thanks.

    -TP


  2. Luke Murray 11,436 Reputation points MVP Volunteer Moderator
    2023-01-07T04:14:04.653+00:00

    Cross-tenant access to Azure subscriptions can be done through Azure Lighthouse - https://learn.microsoft.com/azure/lighthouse/overview?WT.mc_id=AZ-MVP-5004796 & https://learn.microsoft.com/azure/lighthouse/concepts/cross-tenant-management-experience?WT.mc_id=AZ-MVP-5004796

    It is built to allow multiple partners (internal or external) access to Azure resources across multiple Azure AD tenancies, with support for MFA and approval and just enough privilege, i.e. one customer or user may need read and another may be a contributor.

    Azure Lighthouse is recommended as you don't need to worry about adding people in if they leave etc, at the other partner, but everything is logged and just enough permissions applied.


  3. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2023-01-09T22:09:57.1+00:00

    @Christian van Eickelen
    Thank you for your post!

    When using B2B collaboration, you can invite external users to your Azure AD tenant and give them permissions to your Azure Subscription(s) by assigning an Azure RBAC role(s).

    Please keep in mind that Azure AD roles are different than Azure RBAC roles. Azure RBAC provides fine-grained access management to Azure resources. Azure RBAC includes many built-in roles, can be assigned at different scopes, and allows you to create your own custom roles. To manage resources in Azure AD, such as users, groups, and domains, there are several Azure AD roles.


    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
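
An added example, not part of the thread and not Microsoft's code: a review of which B2B guests hold Azure RBAC roles, and at what scope, following the answer above. It assumes the JSON shape printed by `az role assignment list --all` (fields `principalName`, `principalType`, `roleDefinitionName`, `scope`) and that guest accounts carry the `#EXT#` marker in their user principal name; the sample records, tenant names and the set of roles treated as high-impact are constructed for illustration.

```python
import json

# Constructed sample shaped like `az role assignment list --all -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
SAMPLE = json.dumps([
    {"principalName": "alice_contoso.com#EXT#@fabrikam.onmicrosoft.com",
     "principalType": "User", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "bob_contoso.com#EXT#@fabrikam.onmicrosoft.com",
     "principalType": "User", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "carol@fabrikam.onmicrosoft.com",
     "principalType": "User", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "dave_northwind.example#EXT#@fabrikam.onmicrosoft.com",
     "principalType": "User", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-shared"},
])

# Assumption: roles this review treats as high-impact when held by a guest.
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}
BROAD = {"root", "management group", "subscription"}

def scope_level(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[:2] == ["providers", "microsoft.management"]:
        return "management group"
    if parts[0] == "subscriptions" and len(parts) in (2, 4):
        return "subscription" if len(parts) == 2 else "resource group"
    return "resource"

def audit_guests(raw_json):
    """Return one finding per role assignment held by a B2B guest user."""
    findings = []
    for a in json.loads(raw_json):
        upn, role = a.get("principalName") or "", a["roleDefinitionName"]
        if a.get("principalType") != "User" or "#EXT#" not in upn:
            continue  # members, groups and service principals are not guests
        level = scope_level(a["scope"])
        # Heuristic: text before #EXT# is the home address with "@" turned into "_".
        home = upn.split("#EXT#")[0].rsplit("_", 1)[-1]
        findings.append({"guest": upn, "home_domain": home, "role": role,
                         "level": level,
                         "review": role in PRIVILEGED and level in BROAD})
    return findings

if __name__ == "__main__":
    print(*audit_guests(SAMPLE), sep="\n")
```

Guests assigned through a group do not appear as `User` entries, so group memberships need a separate pass.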

