Data breaches are making headlines daily, and customer identities are a prime target😕. Organizations are struggling to keep up with the ever-evolving threats, especially when it comes to managing external identities like customers, partners, and guests. Fortunately, Microsoft stepped in with a new solution: Microsoft Entra External ID.
Microsoft Entra External ID, announced as a new addition to the Microsoft Entra product family during Microsoft Build 2023 last summer, is set to become generally available starting May 15th!🚀 With Microsoft Entra External Identities, you achieve two key goals:
- Secure B2B collaboration with your partners & guests.
- Implement robust Customer Identity and Access Management (CIAM) for your customer-facing applications.
Before delving into the details of Microsoft Entra External ID, let’s first clarify the current customer identity and access management solution offered by Azure AD.
What is the Current CIAM Solution of Azure AD?
CIAM, or Customer Identity and Access Management, is a system that uses advanced security methods like multifactor authentication to protect sensitive information. It makes it easier for users to access various services by using a single sign-in, while also offering extra security features like fingerprint or face recognition.
Azure AD B2C is Azure’s current customer identity and access management solution. Some might wonder if Microsoft Entra External ID will replace it. However, Microsoft assures that Azure AD B2C will continue to be fully supported. There’s no pressure to migrate to a different product, and Microsoft is committed to ongoing investment in Azure AD B2C.
This means you can continue using Azure AD B2C with confidence, knowing it’s a reliable and secure solution backed by Microsoft. Still confused? Let’s break it down a bit!
Azure AD B2C vs. Microsoft Entra External ID
Microsoft Entra External ID and Azure AD B2C are two distinct product offerings. Microsoft Entra External ID is a converged platform that has been designed to be future-proof and developer-friendly, catering to all identity needs including B2E, B2B, and B2C interactions.
Meanwhile, Azure AD B2C is primarily intended for the development of customer-facing applications. Azure AD B2C is evolving, as Microsoft Entra External ID, into a more developer-friendly platform that is unified with the latest security and governance capabilities of Azure AD. It is deeply integrated with the Microsoft Entra portfolio of solutions and is supported by a promise of reliability, scale, and built-in fraud management.
The most popular B2C features and scenarios are now integrated into Microsoft Entra External ID, allowing for consistent utilization of the powerful app development libraries (Microsoft Authentication Library or MSAL), flexible customization capabilities for end-user experiences and journeys, easy authorization with role-based access control (RBAC), and rich administration portals for any B2B or B2C application.
Now, let’s elaborate on the capabilities of Microsoft Entra External ID.
What is Microsoft Entra External ID?
Microsoft Entra External ID is an evolution of the current Azure AD B2C as a developer-friendly platform that is unified with the latest security and governance capabilities of Azure AD.
Microsoft Entra External ID is a next-generation customer identity and access management (CIAM) solution for managing all external identities. These include customers, citizens, patients, partners, suppliers, and contractors within a single, unified platform.
With External ID, external users have the flexibility to utilize their preferred identities. Whether it’s a corporate or government-issued digital identity or a casual social identity such as Google or Facebook, individuals can sign in using their own credentials. Their identity provider manages their identity, while you maintain control over app access through Microsoft Entra ID or Azure AD B2C, ensuring the security of your resources. Create your Microsoft Entra External ID tenant here.
What is the Pricing of Microsoft Entra External ID (MEEID)?
Microsoft Entra External ID’s primary package is complimentary for up to 50,000 monthly active users (MAU). Beyond this threshold, each additional active user incurs a fee of $0.03 USD per MAU (with a discounted rate of $0.01625 USD per MAU until May 2025). You can also enjoy all the features of MEEID with an extended trial until July 1, 2024.
What are the Benefits of Microsoft Entra External ID?
Here’s why Microsoft Entra External ID can benefit your organization:
- Cost-saving potential: By integrating Microsoft Entra Verified ID features into Microsoft Entra External ID, companies can simplify user onboarding. This leads to faster self-service experiences, reduces fraud risks, and cuts down on help desk expenses by eliminating the hassles of ID verification processes.
- Improved user management efficiency: Streamlining external user management becomes more achievable with Microsoft Entra External ID, enhancing operational effectiveness.
- Simplified authentication processes: Custom sign-in systems become unnecessary, simplifying user authentication procedures and enhancing user experience.
- Access to innovative features: Remaining updated with the latest advancements ensures businesses can leverage innovative features for optimal performance.
- Establishment of robust authentication: With Microsoft Entra External ID, companies can establish a secure authentication system, bolstering overall security posture.
- Flexibility to user preferences: This solution enables businesses to adapt to evolving user preferences, fostering greater user satisfaction and engagement.
Features of Microsoft Entra External ID
Microsoft Entra External ID offers a comprehensive suite of Azure AD External Identities features along with exciting new capabilities. These enhancements include developer-focused tools for swiftly creating secure, compliant web and mobile applications tailored for your customers and partners in just minutes.
New Developer-centric Features Offered by Microsoft Entra External ID
- Native Authentication: Microsoft Entra External ID supports native authentication. This grants developers the flexibility to opt for either native authentication or browser-delegated methods. You can use native authentication API or the MSAL SDK for Android and iOS to build apps with native authentication.
- Integration with External Systems: Integrating Microsoft Entra External ID with existing systems, like a Consent Management System (CMS), lets it call those external systems during user authentication to exchange data.
- Brand Customization for Sign-Up/Sign-In: Make your sign-up and sign-in experiences visually appealing and user-friendly, with options to customize them to match your company branding.
- Seamless Integration with Various Identity Providers: Enjoy seamless integration with various identity providers, including Azure AD, Google, and Facebook, ensuring flexibility for users.
- Single Sign-On (SSO) for Streamlined Access: Implement Federated Single Sign-On (SSO) for a smooth and hassle-free access experience across your applications.
- Risk-Based Authentication for Enhanced Security: Safeguard against unauthorized access with risk-based authentication, bolstering security measures.
- Robust Access Control Measures: Enforce stringent conditional access policies and multifactor authentication to mitigate risks and fortify user credentials.
- Identity Verification with Privacy: Prioritize privacy with identity verification mechanisms, ensuring the authenticity of user identities without compromising their privacy.
Capabilities of Microsoft Entra External ID
Microsoft Entra ID for Customers
For developers making apps for consumers, External ID allows users to use their existing digital identities, like from Google or Facebook, to sign in.
Whenever people want to use an app, they rely on their online identity to access it. Businesses need a way to identify and manage their customers’ online identities securely. This process, called CIAM (Customer Identity and Access Management), involves verifying identities (through one-time codes, authenticator apps, etc.) and managing them throughout the customer journey. CIAM also ensures compliance with privacy regulations and terms of use.
Microsoft Entra ID for customers is the new customer identity and access management solution. This next-gen platform makes it easy for developers to integrate CIAM features such as:
- Personalized user interface
- Self-service sign-up flows
- Built-in fraud management
- User groups
- App roles
- Custom attributes and policies
Microsoft Entra External ID for Partners/Business Guests
Microsoft Entra External ID also extends to existing business-to-business (B2B) scenarios such as:
- B2B collaboration: B2B Collaboration enables external users to access your organization’s apps and resources using their own credentials, ideal for partners without Microsoft Entra IDs. Admins can invite users via the Azure portal or PowerShell, or allow self-service sign-up. The user object created can be managed like internal users, with permissions assigned. Cross-tenant access settings facilitate collaboration with other Entra organizations.
- B2B direct connect: B2B Direct Connect facilitates collaboration between Entra organizations, particularly through Teams shared channels. Users authenticate with their home organization and gain access to shared resources seamlessly. It enables features like shared chat, calls, and file-sharing across organizations, managed via cross-tenant access settings.
- Azure AD B2C: As we discussed above, Azure AD B2C is a CIAM solution for customer-facing apps, allowing developers to scale to millions of users. It offers customization of sign-up, sign-in, and profile management processes, supporting various identities like Facebook or Gmail. While similar to Entra External ID, it’s a separate service with distinct features.
- Microsoft Entra multitenant organization: In a Microsoft Entra multitenant organization, different tenants share access with each other. To make this work, you need to use Azure AD cross-tenant synchronization or another system for external identities.
In addition to the above, Microsoft Entra External ID also extends to Visual Studio Code as Microsoft Entra External ID for Visual Studio Code (Preview). This extension streamlines your setup process by quickly establishing a basic configuration, including the creation of a tenant for your application. It simplifies your workflow by automatically filling in essential values like application IDs, ensuring a smoother setup experience for your users.
Note: Microsoft Entra External ID offers features like B2B collaboration and B2B direct connect. You can manage these features in the Azure portal. To control inbound and outbound collaboration, use cross-tenant access settings and external collaboration settings together.
Supported Features of Microsoft Entra External ID
Microsoft Entra External ID is made for businesses wanting to share their apps with customers using the Microsoft Entra platform. Now, with this feature, there are two types of tenants you can create and handle:
- Workforce Tenant: This is for your employees and internal resources. If you’ve used Microsoft Entra ID before, you’ve probably dealt with this type of tenant already.
- External Tenant: This one is for customer-facing apps, resources, and customer accounts. It’s separate from your workforce tenant and focuses solely on external users.
Common FAQs on Microsoft Entra External ID
Below are some common questions addressed by Microsoft regarding Microsoft Entra External ID.
1. What is the difference between External ID and Azure AD B2C?
Microsoft Entra External ID and Azure AD B2C are two separate platforms powered by ESTS and IEF respectively. Microsoft Entra External ID is our new converged platform which is future-proof and developer-friendly to meet all your identity needs – B2E, B2B, and B2C. At the same time, Microsoft will still continue to support Azure AD B2C as a separate product offering with no change in SLA.
2. Which solution is a better fit, Azure AD B2C or Microsoft Entra External ID?
You have an immediate need to deploy a production-ready build for customer-facing apps. Keep in mind that the next generation Microsoft Entra External ID platform represents the future of CIAM for Microsoft, and rapid innovation, new features, and capabilities will be focused on this platform. By choosing the next-generation platform from the start, you will receive the benefits of rapid innovation and a future-proof architecture.
Opt for the next generation Microsoft Entra External ID platform if:
- You’re starting fresh building identities into apps or you’re in the early stages of product discovery.
- The benefits of rapid innovation, new features, and capabilities are a priority.
3. Is Microsoft Entra External ID a new name for Azure AD B2C?
No, this isn’t a new name for Azure AD B2C. Microsoft Entra External ID builds on the success of our existing Azure AD B2C technologies but represents our future for CIAM. The new platform serves as the foundation for rapid innovation, features, and capabilities that address use cases across all external users.
4. Is there a migration planned from Azure AD B2C to the new Entra External ID Provider?
Microsoft recognizes the large investments in building and managing custom policies. They’ve listened to many customers who have shared that custom policies are too hard to build and manage. This next-generation platform will resolve the need for intricate custom policies. In addition to many other platforms and feature improvements, you’ll have equivalent functionality in the new platform but a much easier way to build and manage it. Microsoft expects to share migration options closer to the general availability of the next-generation platform.
We hope this blog has provided you with the necessary fundamentals to begin using Microsoft Entra External ID. Should you have any additional questions, please reach out to us via the comment section. We will be happy to assist you!