Supported Microsoft Entra ID features
An Azure Active Directory B2C (Azure AD B2C) tenant is different than a Microsoft Entra tenant, which you may already have, but it relies on it. The following Microsoft Entra ID features can be used in your Azure AD B2C tenant.
| Feature | Microsoft Entra ID | Azure AD B2C |
|---|---|---|
| Groups | Groups can be used to manage administrative and user accounts. | Groups can be used to manage administrative accounts. You can't perform group-based assignment of enterprise applications. |
| Inviting External Identities guests | You can invite guest users and configure External Identities features such as federation and sign-in with Facebook and Google accounts. | You can invite only a Microsoft account or a Microsoft Entra user as a guest to your Microsoft Entra tenant for accessing applications or managing tenants. For consumer accounts, you use Azure AD B2C user flows and custom policies to manage users and sign-up or sign-in with external identity providers, such as Google or Facebook. |
| Roles and administrators | Fully supported for administrative and user accounts. | Roles are not supported with consumer accounts. Consumer accounts don't have access to any Azure resources. |
| Custom domain names | You can use Microsoft Entra custom domains for administrative accounts only. | Consumer accounts can sign in with a username, phone number, or any email address. You can use custom domains in your redirect URLs. |
| Conditional Access | Fully supported for administrative and user accounts. | A subset of Microsoft Entra Conditional Access features is supported with consumer accounts Learn how to configure Azure AD B2C conditional access. |
| Premium P1 | Fully supported for Microsoft Entra ID P1 features. For example, Password Protection, Hybrid Identities, Conditional Access, Dynamic groups, and more. | Azure AD B2C uses Azure AD B2C Premium P1 license, which is different from Microsoft Entra ID P1. A subset of Microsoft Entra Conditional Access features is supported with consumer accounts. Learn how to configure Azure AD B2C Conditional Access. |
| Premium P2 | Fully supported for Microsoft Entra ID P2 features. For example, Identity Protection, and Identity Governance. | Azure AD B2C uses Azure AD B2C Premium P2 license, which is different from Microsoft Entra ID P2. A subset of Microsoft Entra ID Protection features is supported with consumer accounts. Learn how to Investigate risk with Identity Protection and configure Azure AD B2C Conditional Access. |
| Data retention policy | Data retention period for both audit and sign in logs depend on your subscription. Learn more about How long Microsoft Entra ID store reporting data. | Sign in and audit logs are only retained for seven (7) days. If you require a longer retention period, use the Azure monitor. |
| Go-Local add-on | Microsoft Entra Go-Local add-on enables you to store data in the country/region you choose when your Microsoft Entra tenant. | Just like Microsoft Entra ID, Azure AD B2C supports Go-Local add-on. |
Note
Other Azure resources in your tenant:
In an Azure AD B2C tenant, you can't provision other Azure resources such as virtual machines, Azure web apps, or Azure functions. You must create these resources in your Microsoft Entra tenant.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for