Azure AD B2B
Start course
1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.

Learning Objectives

  • Study and understand what Azure AD Domain Services do and what they can offer
  • Learn to create and manage hybrid identities via Azure AD Connect 
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C 
  • Learn and utilize Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals who are interested in getting certified with MS Azure
  • Those looking to become Azure architects and/or tasked with designing identity management solutions


  • A mid-range knowledge of MS Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.





Azure Active Directory Business-to-Business collaboration, also known as Azure AD B2B, allows an organization to securely share company applications and company services with guest users from other organizations while retaining control over company data. With Azure AD B2B, an organization can work with external partners, even if they don't use Azure AD. The invitation and redemption process of Azure AD B2B allows users in a partner organization to use their own credentials to access a company's resources. Because the partner organization uses its own identity management solution, external administrative overhead for the sharing organization is essentially non-existent. There's no requirement to manage external accounts or passwords, nor is there a need to synchronize accounts or manage account lifecycles. When guest users are invited to access resources in a partner organization, they sign into the shared applications and services with their own identities. Guest users without a Microsoft account or Azure AD account have one created for them when they redeem their invitations. Inviting a guest user to access an app or service, using AD B2B, is as simple as sending an invite to the guest user, using the guest user's email address.

The guest user then follows a few easy redemption steps to sign in. Azure AD B2B offers the ability to use authorization policies to protect corporate content. Conditional access policies like MFA can be used to protect corporate applications and data. Such policies can be enforced at the tenant level, the application level, and even for specific guest users. With Azure AD B2B, administrators can add guest users to the organization right from the Azure portal. When the administrator creates the new guest user, which is done in a similar fashion to adding a new internal user, the guest user receives an invitation that allows him to sign into the Access Panel for that user. Guest users can be assigned to apps and even groups. By delegating guest user management to application owners, you can reduce the workload of the Azure administrators in your organization. Delegating user management allows application owners to add guest users to any application that they want. By delegating guest user management to application owners, you can reduce the workload of the Azure administrators in your organization. Delegating user management allows application owners to add guest users to any application that they want to share, even if it's not a Microsoft application. To make this work, an administrator needs to set up self-service app and group management. Once this has been configured, non-admins can use their Access Panel to add guest users to applications or to groups.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.