Microsoft Tech Community

Is it Entra ID and Entra External ID Collab + Entra External ID B2C? Or?


Hi,

Will someone please clarify something for me?

Are Entra ID and Entra External ID different products or just the same product separated into logical tenants for the purpose of security partitioning?

I was reviewing the FAQ for an upcoming CIAM webinar, where the following question was presented:

Question: I am currently using Azure AD B2B collaboration and B2B direct connect, have these experiences changed?

Answer: Azure AD B2B collaboration and B2B direct connect are now part of Microsoft Entra External ID as External ID B2B collaboration and B2B direct connect. There are no changes to your product experience, B2B collaboration features remain in the same location in the Microsoft Entra admin center within the workforce tenant, allowing you to secure all business guests, streamline collaboration, and limit access risks extending ID Governance to external users.

This indicates that if you are currently using Azure AD for guest accounts (as we are, due to the limitations of Azure B2C), then there's no change. The conclusion is that the only benefit of using Entra External ID is strictly for any new/future capabilities and replacement of Azure AD B2C. We are looking for federation of B2C customer's IdP on a more enterprise level, not just Google and Facebook, but we desire to have the security partition in place and not have guest accounts in our Entra ID Enterprise tenant.

Very confusing.

Thanks.

1 Reply

@Mike_Walley

Hello Mike,

Thanks for posting this query. I will try my best to clarify it, following my detailed research on the topic (it's actually very complex to explain, but I will still try).

Are Entra ID and Entra External ID different products or just the same product separated into logical tenants for the purpose of security partitioning? - IT'S THE SAME PRODUCT, NOT A SEPARATE PRODUCT.

As of today, if you go to portal.azure.com > Microsoft ENTRA ID, then under "Manage" you will find "External Identities". So it's a feature under ENTRA ID, not a SEPARATE product.

Now, to clarify the CONFUSION which many people might have about this, let me share some of the research I did and what I understood as MS's strategy with Microsoft External Identities.

The very first thing we must understand and note down is the difference between the different types of guests and the different types of ENTRA tenants we have. (The below must be known to all, but I still want to add it so that any new reader who doesn't know it can still understand.)

A) ***There are two types of EXTERNAL IDENTITIES: "CUSTOMERS/CONSUMER" and "BUSINESS COLLABORATION GUESTS"***

B) ***And there are two types of ENTRA ID tenants we create: one is "Azure AD B2C (business to customer)", and the other tenant we create is the normal/standard "ENTRA ID tenant/workforce/end users tenant" (used for business to business guests).***


Until now, if any company has/had both types of GUEST/EXTERNAL users as explained above in section "A", the company used to create 2 separate ENTRA tenants.

To invite/add/manage "CUSTOMER/CONSUMER" type EXTERNAL/GUEST users, companies used to REGISTER an "Azure AD B2C" ENTRA tenant.

To invite/add/manage "BUSINESS COLLABORATION GUESTS" type EXTERNAL/GUEST users, the company adds them into their regular/standard ENTRA ID end users/workforce tenant, as our company's end users want to collaborate with "BUSINESS COLLABORATION GUESTS" from another PARTNER organisation.


But FROM NOW ONWARDS, what MS is saying is that if a company has the above scenario of managing both types of GUEST/EXTERNAL users as mentioned in section "A", then companies still need to register TWO different ENTRA tenants.

But to manage "CUSTOMERS/CONSUMER" type EXTERNAL/GUEST users, COMPANIES DO NOT NEED to REGISTER "Azure AD B2C" anymore. Instead, they need to register a standard "Microsoft ENTRA ID TENANT" and manage those "CUSTOMERS/CONSUMER" EXTERNAL/GUEST identities using the portal.azure.com > Microsoft ENTRA ID > "Manage" > "External Identities" section.

And to manage/add/invite "BUSINESS COLLABORATION GUESTS" type EXTERNAL/GUEST users, companies need to continue adding them into the standard/regular ENTRA ID TENANT for END USERS/workforce and manage them via the portal.azure.com > Microsoft ENTRA ID > "Manage" > "External Identities" section as well.

Basically, MS does not want people to REGISTER "Azure AD B2C" tenants anymore to manage CONSUMER/CUSTOMER guest identities, because the Azure AD B2C tenant type does not have all the SECURITY and other advanced capabilities which are available in a STANDARD ENTRA ID tenant, and from now onwards MS wants to secure "CONSUMER/CUSTOMER" identities and allow them to also utilise the standard ENTRA SECURITY and other capabilities.

Additionally, MS has mentioned in articles that customers who are using an "Azure AD B2C" tenant do not need to panic, as the support for "Azure AD B2C" is still there till 2030, and Microsoft is working on the MIGRATION strategy to migrate customers from "Azure AD B2C" to the standard ENTRA ID tenant under EXTERNAL IDENTITIES.

If you want to understand in more detail, then I would recommend reading both of the below articles together.

Have a read of this article first, which explains what Microsoft ENTRA External Identities is - https://learn.microsoft.com/en-us/entra/external-id/external-identities-overview

Then have a read of the POST on "Evolve your CIAM strategy with External ID" - https://techcommunity.microsoft.com/t5/microsoft-entra-blog/evolve-your-ciam-strategy-with-external-...

Hope the above explanation clears up the confusion.

Thanks
Vicky Rajdev