Microsoft Looks Beyond the Enterprise with Azure AD Extensions

 Active Directory is used by well over 90 percent of enterprises for authentication to core systems ranging from file servers to various other resources connected to organizations' networks. In a key step toward extending its reach to support partners and customers, Microsoft today is adding two new services to Azure AD that the company says can scale and manage external identities.

The new Azure AD B2C Basic service was designed to enable support for customer facing apps and Azure AD B2B Collaboration will add security for business-to-business partners. Microsoft is releasing technical previews of both new services today. Microsoft indicated an Azure AD B2C Premium edition is also in the works.

 "You just turn on the ability to establish trusted relationships between you and the set of partners who you want to work with," said Alex Simons, Microsoft's senior director for Active Directory, during a conversation prior to the announcement. The B2C (business-to-consumer) service that targets consumers can scale to "hundreds of millions of consumer identities," Simons said in a blog post, noting customers can authenticate now with Facebook and Google credentials and soon to be supported are Microsoft Accounts. The service can support hundreds of millions of consumer identities. The first 50,000 are free. Microsoft posted pricing for those with more than 50,000.

"Along with security and scale, Azure Active Directory B2C also easily integrates with nearly any platform, and it is accessible across devices. This functionality means that your consumers will be able to use their existing social media accounts or create new credentials to single-sign on to your applications through a fully customizable user experience. Optional multifactor authentication will also be available to add additional protection."

The Azure B2B Collaboration component will allow organizations to add contractors and business partners, while ensuring resources are protected. It will support single sign-on to resources based on permissions to such apps and services as Workday, Dropbox and Saleforce.com. Simons noted that Microsoft is demonstrating it in the DevZone section at Salesforce.com's Dreamforce, the software as a service company's annual customer and partner event taking place this week in San Francisco.

Organizations using Azure B2B Collaboration can create advanced trust relationships between Azure AD tenants to share access to business applications and data, according to Simons.

A few early access partners including Real Madrid, lens maker Carl Zeiss and Kodak Alaras acknowledged they're testing the new services via Simons post. In the case of Kodak Alaras, the company set it up to support thousands of partners accessing a new extranet.     

"It's the equivalent of setting up a trust between two tenants in Azure Active Directory, the difference being that it's done at an individual group or user level between the tenants," Simons said. "So you wouldn't just have Microsoft say ‘I trust Intel,' it would be Microsoft saying ‘oh I want these five people or these three groups that Intel has specified to be able to use my applications.'"

Posted by Jeffrey Schwartz on 09/16/2015 at 11:29 AM