I would like to know what the best approach is for integrating with partners or customers from the AAD perspective.
Currently we are adding our customer/partner as B2B (Guest User) with control over Conditional Access on what they can do. We also don't want customers' users to be able to see each other.
As of now, we feel that placing our customer in our AAD is:
1. Troublesome - as we need to worry whether any change of policy affects our customer. We have some past experience where our accidental changes caused our partner's account to be blocked out, ending with them needing to ask their Azure administrator to unblock their account.
2. Not very flexible - as we also plan to provide our
- L1, which is our partner, giving them the ability to invite Customer users
- Customer Admin user inviting their users without giving unnecessary additional access.