Query on Azure AD B2C licensing and features


Hello,

Wondering whether I could get some assistance / feedback from the forum to the queries related to Azure AD B2C licensing and features.

 

  • B2C linked to P1 subscription level, but Azure AD blade displays "Azure AD Free"


    Azure AD B2C Tenant is linked to subscription with P1 pricing tier.
    However, Azure AD Tenant blade lists AD Tenant License as "Azure AD Free".

    "Azure AD Free" does not have SLA commitment and has 50k object limit.

    Must we also procure a few Azure AD P1 licenses for the B2C tenant, in addition to the B2C P1 subscription, to ensure the AD tenant SLA and overcome the 50k object limit?

  • License for organization employees accessing B2C apps

    According to Azure AD external identities FAQ - the MAU pricing for P1 subscription is applicable only for external users. All organization employees need a P1 license.

    Is this clause also applicable to a B2C tenant, or is it relevant only for a B2B tenant?

    Suppose that few organization employees like technical support admins also need to access Apps in B2C tenant - this can be facilitated by creating OIDC identity provider in B2C tenant to federate to organization Azure AD B2B tenant for authentication of employees.
       
    Do these organization users need an additional P1 license for the B2C tenant?
    Are the organization users also counted towards the MAU P1 subscription, just like external users, in the B2C scenario?

  • AD Group feature capability for B2C tenant

    According to supported AD features "Consumer accounts can not be member of any group."

    Currently we are able to add B2C consumer accounts as member or owner of Azure AD security groups.

    For instance: one could use group membership with a custom sign-in / sign-up policy - the user shall be added to "App Group" when the user is signed up by the App, and only "App Group" members shall be able to sign in to the App.

    Is this a case of the documentation not being up to date? Or is the intended group usage one of the unsupported features in a B2C tenant?


Regards,
Mehul

0 Replies