Home

Azure Active Directory B2B Collaboration

48 Conversations

Latest Activity

Custom List Message Item

Just want a confirmation the following would work:

Invite B2B user

Create DISABLED AD Account on local ADDS with the UPN of the invited B2B user (Automation via SCIM Provisioning)

Use AAD App Proxy to provide on-premises application to B2B user

Read More
239 Views
9 Replies

Hi, I assume you are looking to use the app proxy for organizations with on-premises apps which are using Windows authentication.  We are currently working on the documen

... Read More
Best Response
Do you then mean that the Azure AD App Proxy App should use Windows Authentication?

I would just like to know if PowerBI for B2B Users are now supported? Thank you.

181 Views
4 Replies
Any update on this? This would provide great value.
From my experience with customers and projects, this feature is much demand, as well as B2B support for Microsoft Teams ;)

Hi Aljohn this is a great feature and is on the roadmap.

We have multiple tenats which are alle working with Sharepoint Online/Onedrive. We would like to drag and drop files from Sharepoint Online in Tenant A to a user which uses Onedrive from Tenant B. Can we esthablish this with Azure AD B2B?

194 Views
9 Replies

There are ways to get this done with B2B. This involves using our APIs and using scripts to bulk onboard people from the other organization. And enabling self service sig

... Read More
Best Response

All, does b2b work with the teams application? 

62 Views
1 Reply
Neil this is work in progress. Stay tuned for updates here.

Hi,

 

We're using AAD and B2B account to allow our partners to access our applications.

One of our customers, to which we've sent an AAD B2B invite got the error message "An unexpected error occurred. Please try again.", after entering the verification code

... Read More
289 Views
10 Replies

Had this issue as well, workaround I found is to set the country to "United States" (at the page where you pick a password)

I would open a support ticket through the Azure Portal

Hello, my name is Daniel and I'm the service owner for O365 at VMware. I have a use case that I need help with, you may have already seen a email from your colleague on this question. I would like to create a SharePoint site (hosted on vmware domain) that

... Read More
227 Views
5 Replies

Hi Daniel - with the current capabilities you can add one user from each org that you want to work with as a B2B user in your org and assign them to the guest inviter rol

... Read More

We have ten minutes to go -- get your questions in!

 

file.jpeg

Read More
196 Views
4 Replies
who are the people in the photo? it would nice to have a face to go with a name.
Fun to be part of from Norway, although you guys had the better/faster responses than I could come up with. Keep up the good work, team, looking forward to use Azure AD B... Read More
Thank you for your time today!

Using the B2B capability to create guest records in our Organization and allow SSO into our AAD registered apps is a very useful integration.

 

I would really love to somehow see the high level status (link status) of the foreign Org ID record. Not personal

... Read More
43 Views
0 Reply

Hello,

 

We are using B2B for managing our partners, with the self service we can delegate the invitation to one default group at the level of the application. We have several groups per partners and we need to delegate for each partner a owner per group.we

... Read More
110 Views
2 Replies

Can you clarify the user experience and what a partner sees when they login? How and where do they see all other partner groups?

 

What kind of application? General custom

... Read More

Thanks Juan.

From the blog article, about the new features: "Ability to invite a user with any email address to collaborate. Whether a user has an Office365 or on-premises

... Read More

Welcome to the Azure Active Directory B2B Collaboration Ask Microsoft Anything! This live hour gives you the opportunity to ask questions and provide feedback directly to the Azure Active Directory team.

  

Please post your question in a new thread. You c

... Read More
530 Views
22 Replies
Please share the session link

Hi, Michael Kirst-Neshva from Neumünster in Germany here. MVP for Office 365 Servers and Services.

Hi everyone, I'm Aljohn Bonifacio, Global IT Manager from Philippines.

Is there documentation or recommendations on how we can allow our SharePoint Online site admins to invite guest users via Azure B2B?  We've tinkered with various permissions unsuccessfully and need a simple process these admins can follow without a need t

... Read More
121 Views
5 Replies

Hi Ryan - please refer to this doc here and let us know if this helps: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-o365-external-user 

Read More

(EDIT: The summary document of what was covered during the Azure Active Directory B2B Collaboration AMA is attached here!)

 

Thank you for joining us and voicing your questions and feedback during this fun and action-packed hour.  

 

See you next time!

 

... Read More
223 Views
6 Replies

The Link should now be working!

 

Please, fill out this quick survey about the AMA, we'd love to hear your feedback! 

Read More
Feedback:
Thank you for your time and answers!
Thank you for that product idea!
I'm talking since two years in sessions "Your Extranet in 5 Minutes including Identity Manage... Read More
Thank you
Thanks for your time.
But I'm not allow to see this forms ;-)
Microsoft Forms is not launched to your organization yet
Please contact your administrator for details.

Session id: ce636a5e-a103-46d5-ba7c-889f3bfcd90f, Correlation id: 5d... Read More

Am I correct in saying partner organisations who use ADFS (with no identity in Azure AD) are not able to use B2B?  How can we overcome this?  Are there any timings as this is becoming a major hurdle for us.

134 Views
7 Replies
Hi Bally - partners without Azure AD can still use B2B. We just spin up an Azure AD tenancy and account for them at the time of redemption. Please check out the 15 minute... Read More

Will the implementation of tenant restrictions via proxy header injection prevent users in our directory who were invited as B2B guest users to another tenant from accessing that partner tenant from our network where tenant restrictions are in place?  I p

... Read More
156 Views
3 Replies

We have a allow / deny list coming up for managing outgoing relationships, but what is your scenario for restricting incoming relationships?

Hello,

Can a guest account be manager of a group in order to send invitation and add/remove members

88 Views
4 Replies

Thank you for you reply, can we have a documentation for that

In our implementation and testing the past quarter, the Azure AD B2B required an elevated set of privileges that was not appropriate for a guest user... but you COULD do ... Read More
Yes, the self-service group management works for a guest account for the most part. Let us know if you have any issues with this. For sending the invitation, the guest us... Read More
Hello, do you plan to add support for self user managed guest B2B memberships? So that user could also leave the organization they were invited into? Right now, I am in quite a lot of AADs from different projects and it is cluttering my Azure Portal and M... Read More
93 Views
2 Replies
Hi, I'm thinking, this is a good question!
Because, when you your reading the GDPR Requirements, this could be an important point!
GDPR = European General Data Protection R... Read More

Hi Jan - yes, this is a frequently requested capability that we're looking at. Please stay tuned for updates.

Is there a definative Aazure AD B2B Roadmap that working parties can follow?

James Andrew Malone, Programmer Analyst, STV

103 Views
4 Replies
So the Azure Roadmap https://azure.microsoft.com/en-us/roadmap/ is searched for B2B has one line "Azure Active Directory B2B collaboration" In preview ... that does not l... Read More

Thank you James!


You can view the roadmap along with other links below.

-https://azure.microsoft.com/en-us/roadmap/

-follow AzureAD on twitter at https://twitter.com/azuread

... Read More

Hi

 

We are using B2B, and have a customer with an ADFS solution.  I want to understand if it's possible, and how to have the B2B user authenticated by the ADFS hosted by the customer.

 

Thanks in advance :)

Joe

Read More
431 Views
6 Replies
Joe - like Raymond says in the reply below, if the partner has an Azure AD that is federating authentication to their ADFS infrastructure, then there is nothing new to be... Read More

If your customer has a working AD FS infrastructrure integrated with Azure AD, then the users of that organization will automatically be authenticated by that AD FS when

... Read More

Hello to the community,

I recently started experimenting with MS Azure, and I can say I am quite intrigued from its capabilities. I have managed to set up login with ADFS and WAP servers but I am currently struggling with Azure B2B.

I have successfully invi

... Read More
79 Views
2 Replies

Hello Rouxlas - 

 

Yes, B2B users can access O365. Currently, SPO/OneDrive, Office 365 groups, Dynamics 365 and Dynamics CRM support B2B user access.

 

Support for other

... Read More

We have a customer who would like to use Azure AD B2B as a replacement for federation (AD FS), so their business partners can access their web site. I've not seen an end-to-end scenario list of what all is possible with B2B and am wondering if that use ca

... Read More
107 Views
4 Replies

Hi Kent - please have a look at this quick 15 minute video for what's possible and what's coming with Azure AD B2B Collaboration: https://aka.ms/b2bmechanics. Let me know

... Read More
Hi Kent, my answer was for you :-)

We have some customers, where we are implementing AAD Sync with full password sync and using Office365 Groups as "Extranet Site" for "ex... Read More

For viral/JIT client users, we need to have validation set at regular intervals to ensure the user is still a part of their organisation.  Currently, there is no validation in place for these JIT users.  Are there any plans to address this and timings?

Read More
86 Views
3 Replies

Hi Bally, we have heard this ask from several customers and it is definitely on our roadmap.  For background, we have access reviews today in Azure AD as part of Azure AD

... Read More

Can a global administrator for an Azure Commercial tenant invite a user that is federated with an Azure Gov tenant?

56 Views
3 Replies

Hi Tony - Great question. We hear this feature request a lot. We believe this is very important and we're looking into it. Stay tuned for updates.

We have some customers, where we are implementing AAD Sync with full password sync and using Offic e365 Groups as"Extranet Site" for "external/external" and "external/internal" users. With an internal process, the users are Azure B2B only.

70 Views
1 Reply
Welcome to the community! Let us know if you have any questions!

If you enfore MFA on a B2B user via AAD conditional access and the user cant use the already confiured MFA app / MFA options.

They have to register for MFA again and even end up with two entries in the Authenticator App if used.

 

Are you looking to improve

... Read More
68 Views
1 Reply

HI Alexander - thanks for the question!

 

Currently, MFA is managed at the resource tenant - that is the tenant that has invited the B2B user. This allows the organizatio

... Read More
Best Response

Hello

 

Ram here. I've got few questions on usecase scenarios to make few architectural recommendations:

 

  1. Do you have any usecases and architectural solutions in integrating B2B with on-premise organisation ADs and services such as portals hosted on Azure in
... Read More
99 Views
1 Reply

Hi Ram -

 

Thanks for your questions:

 

1. We are going to be publishing guidance on OnPrem app access for B2B users soon. Stay tuned!

2. Yes. B2B users will be able to a

... Read More

Hi, Khaliq here from South Africa and asking a question on behalf of a customer that could make it (we already 18:00).  Any update on supported patterns for on-premis?

 

82 Views
1 Reply
Hi Khaliq - great question! We are putting together some guidance this and will publish soon. Stay tuned!

Hi

 

First I'd like to confirm my understanding that the passwords for invited guests are managed in the guest/partner's own identity provider and not in our (resource provider) AAD tenant?

 

I'd also like to confirm if at any time the guest password is actua

... Read More
130 Views
1 Reply

Hi Shayne-

 

B2B by default uses federated authentication. So that the guest passwords never leave the partner org. Also, the password policies are managed by the partner

... Read More
Best Response

Hi,

 

This is not a question.

 

I am writing this after being in contact with the product group, so that others can find this later without bothering them again :)

 

The invitedToGroups and invitedToApplications columns from CSV are not directly implemented in

... Read More
507 Views
13 Replies

Great find!

 

So how are you detecting that the user has accepted the invitation?  As you can't add them to a group or application until they do.

 

I believe this is because

... Read More
Thanks Marius! This will be very useful for those who want to invite a user and add them to a group or an app in the same script.

HI,

I have a queston about partners who dont have Azure AD  OR just On-premise managed IT Accounts & Consumer accounts

1. Is there any way that for such IT managed accounts in which case they would be using a Microsoft account to access my tenant based on t

... Read More
77 Views
1 Reply

We are working on direct federation capabilities with such partners. That will bring in the lifecycle controls similar to what you'd get if the partner is on Azure AD.

Read More

Azure Analysis Services integrates with Azure Active Directory (Azure AD) to allow users within an AAD tenant to log into a server. Customers have asked for the ability to allow users from other organizations to access their models in Azure Analysis Servi

... Read More
120 Views
1 Reply

This is amazing progress. Very excting! Thanks for sharing!

I'm trying to get my head around Azure B2C and B2B.

 

We are building a web app to be used by both internal (O365 users) and external users. Most of the external users will be individuals or employees of social profits without an identity provider.

 

If we go

... Read More
247 Views
3 Replies

B2B collaborators can sign in with an identity of their choice. If the user doesn’t have a Microsoft account or an Azure AD account – one is created for them seamlessly a

... Read More

Hi

 

The title says it all - I have been searching for a detailed description of how guest users change their passwords.

 

Are the guest user account somehow tied to their on-prem AD account so it is SSO? If not, do we, at the host tenant, need to activate se

... Read More
320 Views
4 Replies

Hi Jakob

 

The guest users are "by design" not full users in your Azure AD, and you don't hold their password.  Their representation in the Azure AD is just a sort of "link

... Read More

Great to see Azure B2B reach GA! 

 

After reading about the licensing restrictions discussed here (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-licensing), I was curious about the bullet point under "Additional licensing deta

... Read More
212 Views
2 Replies

Hello @Brian Acklen, we`re glad to see your enthusiasm and your plans in using #AzureAD B2B!

@Sarat Subramaniam , do we have anything to add to the "There will be automat

... Read More

Having SharePoint OnPrem, ADFS, Azure AD Sync etc in place and wanting to use Azure AD B2B for external user access the authentication of external users in the SharePoint Web Application is now possible. 

Creating an "Azure Security Group" (putting all ext

... Read More
512 Views
6 Replies

Inorder for B2B users to access OnPrem applications, you need to:

1. Set up App proxy for Authentication to work

2. Write back B2B users to OnPremises for Authorization t

... Read More

We are excited to announce an Azure Active Directory B2B Collaboration AMA! Please join us on Thursday, July 6th, 2017 from 9:00am to 10:00am PST in the Azure Active Directory B2B Collaboration Group.
  

Add the AMA to your calendar

 

An AMA is a live o

... Read More
1,853 Views
0 Reply

SAML2, and OIDC both support transporting additional attributes during authentication. This is very useful to setup Just in Time (JIT) provisioning.  

 

What is the recommended way to store additional attributes in AAD, and how can I configure the AAD appli

... Read More
228 Views
3 Replies

After some more research, and digging through documentation, I think this is the process that needs to be followed for the 'category' = { Bronze,Silver,Gold} example abov

... Read More
Best Response

Or If I am using SCIM, how do I map a custom attribute (hypothetically speaking a Open, or even schema extension attribute) to a SCIM attribute configuration entry?

 

https://github.com/Microsoft/azure-docs/blob/master/articles/active-directory/active-directory-saas-customizing-attribute-mappings.md

... Read More

I’m excited to let you know that Azure AD business-to-business (B2B) collaboration is generally available worldwide!

 

Azure AD B2B collaboration capabilities enable any organization using Azure AD to work safely and securely with users from any other or

... Read More
955 Views
2 Replies

This is awesome news!

 

My company was using the feature in Preview, and we noted a bug which meant that there were problems with email if the B2B invited user was already

... Read More

Robert - we received feedback that adding guest users in the same place as regular users was not super-intuitive. Because of that feedback we have recently introduced a s

... Read More
Best Response

For some reason the screenshot was not included in my first post...

I'm excited about the new introduced features and I immediately tried it out. What my customer are looking for is to enhance the external collaboration on their SharePoint Online. I want to enforce MFA for all or selected external users. The users are alr

... Read More
902 Views
7 Replies

Marco - can you try the instructions I have included here to enable MFA for SPO and let us know if it works for you?

 

Let’s say the goal is: MFA for guest users only, ac

... Read More

We love your enthusiasm on the new features, Marco!

 

@Sarat Subramaniam, @Mary Lynch, do you have inputs on the behavior described by Marco?

Read More

The new Azure AD B2B features are exciting. I'm wondering how Azure AD B2B fits with my paradigm. I work in a SaaS software company in the manufacturing automation market. People from many companies use our Azure Cloud-based software. Each company has per

... Read More
131 Views
1 Reply

Azure AD B2B has promise in your scenario.

 

Please also have a look at this table that compares Azure AD B2B and B2C. I have a sense that yours might be more aligned to

... Read More
Best Response

Hi

 

We have tried to manually create guest users in the new Azure Portal. When we do it that way, we are apparently not able to grant the guest users access to SPO sites. But if we create the users via CSV file import in the old Azure Portal, there are no

... Read More
336 Views
9 Replies

Hi Jakob

 

Did you just "create" guest users, or actually invite them?  I understand you still need to invite them so they can redeem the invitation - this leads to a usabl

... Read More

Lead engineer for Microsoft Identity Services Sarat Subramaniam, goes over Azure Active Directory B2B collaboration, which as of 4/12/ 17 is now generally available.

 

If you are unfamiliar with Azure AD B2B:

It is service that simplifies the secure shari

... Read More
214 Views
0 Reply

If I grant guest users rights directly to a SPO document library (after having disabled inheritance), the users will have the expected rights, but they will not show up in the list of users/groups with access to the library. This is of course a security p

... Read More
245 Views
4 Replies
Are you picking the users from the B2B users already invited through Azure AD B2B?

Hi Guys,

 

We would really like to see a way where the redemption of invitations can be automated by using an Azure AD App through the API. Currently this only seems possible when using a user account.

 

We are having to do huge CSV uploads of users and t

... Read More
192 Views
1 Reply

Hello Clemence - thanks for your question!

 

I think you are asking for a stand alone portal that can perhaps perform self-service sign-up.

 

This is possible with our AP

... Read More
Best Response

It will be great to know when a mail enabled contact and guest user with the same email address will be able to co-exist or merge in Azure AD. I see it is on the roadmap. 

Interesting to know what the approach is to resolve this? 

 

My customer has the issue

... Read More
357 Views
3 Replies
This is done now and you should be able to see this working in your tenancy. The issue that currently exists is that conflicted Guest users cannot access Office 365 group... Read More
Yes. We are in the process of testing co-existence of Guests and contacts and this will be available as part of GA.
Best Response

The Azure Active Directory B2B Collaboration Community is a place we've built for all of you. You can learn more about the capabilities, discuss your work with Azure AD B2B collaboration, and connect with experts that build and use Azure Active Directory

... Read More
2,407 Views
6 Replies
great to have a space to talk about the B2b progress.

We've created a new place for you to share your ideas, feedback, and feature requests regarding Azure Active Directory B2B Collaboration.  

 

Submit and vote here

 

AzureIdeaExchange.PNG

 

Read More
209 Views
0 Reply