Azure AD B2C
Start course
1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.

Learning Objectives

  • Study and understand what Azure AD Domain Services do and what they can offer
  • Learn to create and manage hybrid identities via Azure AD Connect 
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C 
  • Learn and utilize Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals who are interested in getting certified with MS Azure
  • Those looking to become Azure architects and/or tasked with designing identity management solutions


  • A mid-range knowledge of MS Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.





Azure Active Directory Business-to-Consumer, also known as Azure AD B2C, is an identity management service that offers organizations the ability to customize and control how customers interact with corporate applications. It allows organizations to control how users sign up, sign in, and how they manage their profiles when using the applications. Azure AD Business-to-Consumer enables this functionality while also protecting customer identities. Applications registered with Azure AD B2C can be configured to handle many identity management tasks. 

For example, you can allow users to sign up to use a registered application, you can enable a signed-up user to edit his profile, and you can even enable MFA in the application. Other identity management tasks that can be handled include allowing users to sign up and sign in with specific identity providers, such as Facebook, for example. You can even customize the look and feel of the signup experience for users, as well as the sign-in experience. Azure AD B2C completes identity tasks by interacting in sequence with identity providers, also known as IdPs. It also interacts with users, other systems, and with the local directory. The Identity Experience Framework establishes multi-party trust and completes these steps. Along with a Trust Framework policy, this framework defines the actors, actions, protocols, and sequence of steps that need to be completed in order to make things work. Azure AD B2C makes use of SYN cookies and rate and connection limits to protect against denial-of-service and password attacks against applications. It also includes mitigation for brute-force password attacks, as well as dictionary password attacks. 

A service that authenticates customer identities and issues security tokens is called an identity provider. Azure AD B2C offers the ability to configure several different identity providers in the tenant. Common identity providers include Microsoft accounts, Facebook, and even Amazon. Before configuring an identity provider in an Azure AD B2C tenant, the application identifier, client identifier, password secret, and client secret, or a combination of each, depending on the identity provider itself, must be recorded from the identity provider application that is created. This identifier information is then used to configure the application that will be accessed via the identity provider being configured. Every Azure AD B2C tenant is distinct and separate from other Azure AD B2C tenants. To leverage the features of AD B2C, you must deploy a B2C tenant, and link it to your Azure subscription. If you wish to allow users to sign in to an application using Facebook, Amazon, or some other identity provider, you must first register the application in the Azure AD B2C tenant.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.