Confusion around Azure AD B2C vs Microsoft Entra External ID

Michal Durista 71 Reputation points
2024-02-21T13:25:36.64+00:00

Hello.

I have read many, many articles on this topic. Here are key outcomes important for my question:

  1. Microsoft Entra ID is a new name for AAD.
  2. Azure AD B2C is part of Microsoft Entra ID. Proof: User's image
  3. Microsoft Entra External ID is a new CIAM - basically "better, newer" Azure AD B2C, built on it's basics with improved user and developer experience. However, it is not the same, this is clear from https://learn.microsoft.com/en-us/entra/external-id/customers/faq-customers

Now to the question - I created an Azure AD B2C tenant via azure portal, everything works like a charm and to my needs. I wanted to try Microsoft Entra Exnernal ID - I created a new "Customer" tenant via Microsoft Entra admin center. However, now I can see both tenants in "Manage tenants" via Microsoft Entra admin center, as if there were the same thing (also clicking around the center, I don't see any difference). Moreover, I can see both tenants in azure portal, although they have different tenant types - "Azure AD B2C" and "Customer", but again, working with them again seems pretty the same. Where is the difference then? I hope it is clear where the confusion comes from.

Additional question about Microsoft Entra Exnernal ID pricing - in the provided FAQ link there is clearly "Microsoft Entra External ID (for customers) is in preview, so no pricing details are available at this time.", however I already came across some pricings during my research. One was pretty much the same as for Azure AD B2C and then this: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing - I guess user/month metric here is not the same as MAU (in Azure AD B2C for example), right?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

Accepted answer
  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2024-02-22T19:50:55.62+00:00

    Hi @Michal Durista , I'll try to answer your questions the best I can. If I leave anything out or you have more questions please let me know.

    1. Microsoft Entra ID is not a new name for Azure AD. Microsoft Entra is a new brand that encompasses a range of identity and access management (IAM) solutions, including Azure AD, Azure AD B2C, and Microsoft Identity Manager (MIM).
    2. Azure AD B2C is a separate service from Azure AD, but it is part of the Microsoft Entra family of IAM solutions. Azure AD B2C is designed specifically for customer-facing applications and provides features such as social identity providers, custom branding, and self-service password reset.
    3. Microsoft Entra External ID is a new CIAM solution that is built on top of Azure AD B2C. It provides additional features and capabilities, such as a simplified user interface, improved developer experience, and enhanced security. However, it is a separate service from Azure AD B2C and has its own pricing and licensing model.

    Between Azure AD B2C and Microsoft Entra External ID, the main difference is in the user and developer experience. Microsoft Entra External ID provides a more streamlined and intuitive user interface, as well as improved developer tools and documentation. It also includes additional security features, such as risk-based authentication and adaptive access policies. However, the underlying functionality and capabilities are similar to Azure AD B2C.

    About pricing, Microsoft Entra External ID is currently in preview, so pricing details are not yet available. The pricing information you found may be related to other Microsoft Entra solutions, such as Microsoft Entra Identity Protection or Microsoft Entra Privileged Access Management. I would reach out to sales for any questions related to pricing.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    12 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Ron Windle 25 Reputation points
    2024-04-02T18:22:08.2133333+00:00

    Thank you for that explanation James.

    I wanted to know the key differences in security between Entra External IDs and Azure B2C.

    I know several of them so far such as Defender for Cloud is not supported by AB2C and several of the sign in risks (and all user risk) detections are not available as well as stated here:

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-identity-protection-overview

    The one question I need a firm answer on is whether a AB2C user sign in logs can be attributed to a user. The following article leaves me with confusion:

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/view-audit-logs

    My question is this, (1) by what way(s) can you attribute a sign in in AB2C and Entra External IDs to a user account, and (2) what are the differences in all log events for them both as well.

    -Thank you in advance!

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.