Azure AD B2B – Simplifying Collaboration With Users Outside Your Organisation
Collaboration is a buzzword that is hard to avoid in virtually every sphere of life these days, from education and work environments right through to team-building exercises. This week I learnt about Azure AD B2B, a new feature in Azure Active Directory that went into general availability in April 2017.
This feature solves a very real problem many organisations currently have: how to securely and easily invite users from outside your organisation and enable them to access key applications and resources that are only available to internal Office365 tenant users. Existing Microsoft customers have made it very clear that the ability to work with external partners is critical:
I am particularly excited about this feature to enable better collaboration between schools in the Communities of Learning here in New Zealand. For those unfamiliar with what a CoL is, here is the summary:
A Community of Learning | Kāhui Ako is a group of education and training providers working together to help learners achieve their full potential. These include early childhood education services me ngā kōhanga reo (early learning services), schools, kura and post-secondary.
Each Community of Learning | Kāhui Ako sets shared goals, or achievement challenges based on the particular needs of its learners.
I’ve added the bold highlights above to focus on the fact that for these groups of schools (often 10-15 in number, clustered together geographically), having the ability to access and share key resources is critical. This is where Azure AD B2B excels:
The key benefits of Azure AD B2B collaboration to your organization
WORK WITH ANY USER FROM ANY PARTNER
- Partners use their own credentials
- No requirement for partners to use Azure AD
- No external directories or complex set-up required
SIMPLE AND SECURE COLLABORATION
- Provide access to any corporate app or data, while applying sophisticated, Azure AD-powered authorization policies
- Seamless user experiences
- Enterprise-grade security for apps and data
NO MANAGEMENT OVERHEAD
- No external account or password management
- No sync or manual account lifecycle management
- No external administrative overhead
Put in simple terms, schools can all sign into a “host” Office365 Tenant’s Azure Active Directory using their own school’s email address and password, or even a personal email address such as yahoo.com or gmail.com. This immediately removes any barriers to accessing documents while retaining full security. Applying policy to these external users is very easy too, e.g. requiring Multi Factor Authentication (MFA) to ensure security around accessing content.
This is all explained in the following video which I do encourage you to watch through to the end to see just how easy it is to set up.
If you’re interested in getting started immediately, click this link for more information.
Other cool features (demonstrated in the YouTube video above) include:
- Setting up a “request access” page so that external users can proactively request access and then have a nominated tenant administrator approve all requests in one go, reducing the need to manually set up external users one by one
- Future plans exist to federate with popular third-party identity providers such as Google/Yahoo as well, to provide true Single Sign On (SSO) experiences.
- Easily use AAD Groups to manage access and policy, e.g. create an “External Schools OneNote” Group that teachers from other schools would be added to so that they can access and share OneNote resources (or SharePoint, or Teams etc).
- There are advanced features such as MFA that can be applied, restrictions based on OS (e.g. allow only iOS or Windows 10 but block Android), as well as detailed reporting around sign-in and accessing of content by external users.
- Access source code on GitHub published by Microsoft to support getting AAD B2B up and running quickly.
Setting up Azure AD B2B has a wide range of potential uses in school settings and I’m interested to see how this plays out over the next few months as it gets picked up and used by schools.
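The MFA and OS restrictions listed above can be written as Conditional Access policies scoped to guest users. The following is an added example, not code from the original post or from Microsoft: the policy bodies follow the Microsoft Graph `conditionalAccessPolicy` JSON shape, while the policy names, the `guest_policy`, `applies` and `evaluate` helpers and the sign-in records are constructed for illustration and only approximate how Azure AD combines policies.

```python
# Added example: two policies in the Microsoft Graph conditionalAccessPolicy
# JSON shape, plus a simplified local evaluator (not Azure AD's own engine).

def guest_policy(name, controls, platforms=None):
    """Build a policy body scoped to guest/external users (hypothetical helper)."""
    conditions = {
        "users": {"includeUsers": ["GuestsOrExternalUsers"]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["all"],
    }
    if platforms:
        conditions["platforms"] = {"includePlatforms": platforms}
    return {
        "displayName": name,  # constructed display names
        "state": "enabled",
        "conditions": conditions,
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }

POLICIES = [
    guest_policy("Guests: require MFA", ["mfa"]),
    guest_policy("Guests: block Android", ["block"], platforms=["android"]),
]

def applies(policy, signin):
    """True if an enabled policy's user and platform conditions match."""
    if policy["state"] != "enabled":
        return False
    cond = policy["conditions"]
    guests_only = "GuestsOrExternalUsers" in cond["users"]["includeUsers"]
    if guests_only and signin["user_type"] != "Guest":
        return False
    wanted = cond.get("platforms", {}).get("includePlatforms")
    return wanted is None or "all" in wanted or signin["platform"] in wanted

def evaluate(signin, policies=POLICIES):
    """Return 'block', 'mfa_required' or 'allow'; a block control always wins."""
    controls = set()
    for policy in policies:
        if applies(policy, signin):
            controls.update(policy["grantControls"]["builtInControls"])
    if "block" in controls:
        return "block"
    if "mfa" in controls and not signin["mfa_done"]:
        return "mfa_required"
    return "allow"
```

Tenant members fall outside both policies here, so a real deployment needs separate policies for internal users.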
Comments
- Anonymous
May 28, 2017
Hi, I've just covered the same topic from a bit different angle with some samples and "how to's" - it might be interesting in the context of this blog entry: http://predica.pl/blog/guests-in-the-cloud-how-to-safely-manage-external-users-using-azure-ad-b2b/
- Anonymous
May 28, 2017
Nice post Tomasz - good scenarios and I like how you listed the Pros/Cons of each situation. Cheers for sharing. Sam