Technical Blog | REBELADMIN

Learn about Active Directory and Various Azure Services

Azure AD B2B

Step-by-Step Guide : Azure AD B2B Email one-time passcode authentication (preview)

Azure AD B2B allows organizations to share company applications and other services/resources with external users. Before, this external user should have one of following to initiate connection with the organization who sents the B2B inivitation. 

1) Azure AD Account

2) Microsoft Account

3) Google Federation ( More info : https://www.rebeladmin.com/2019/02/step-step-guide-setup-federation-google-azure-ad-b2b/ )

Email one-time passcode authentication (OTP) feature now allow B2B users to authenticate using one time passcode if they cant use one of the above methods. Once OTP is issued it is only valid for 30 minutes. If user didn’t use it with in 30 minutes, he/she need to request new OTP code for authentication. Once authenticated, session will be valid for 24 hours.  

This feature is still under public preview. OTP users must use the https://myapps.microsoft.com/?tenantid=<tenant id> , https://portal.azure.com/<tenant id> or https://myapps.microsoft.com/<verified domain>.onmicrosoft.com when they authenticate. In above <tenant id> should replaced with the organization’s tenant ID. <verified domain> should replace using the default domain details. 

You can find the tenant id using, 

Azure Portal | Azure Active Directory | Properties | Directory ID  

Let’s see how we can enable this new OTP feature. 

To do that,

1) Log in to Azure portal as Global Administrator

2) Go to Azure Active Directory | Organizational relationships 

3) Then go to Settings

[Read more…] about Step-by-Step Guide : Azure AD B2B Email one-time passcode authentication (preview)

Conditional Access with Azure AD B2B

In my previous post I explain how we can use Azure AD B2B to share services/resources between organization. Once these B2B users are register with Azure AD, we can apply “Conditional Access” polcies to control their access further. In this demo I am going to show how to do that. 

Prerequisites

Before we start please go ahead and read my previous article about Azure AD B2B, because in this post I am going assume that you already finish the sign-up process for Azure AD B2B users. 

 You can access the post using https://www.rebeladmin.com/2018/11/cross-organization-collaboration-azure-ad-b2b/ 

In my demo environment, I have sg-Finance security group. All the users from Finance department are part of it. I do have several applications assigned to them. Company Contoso recently made partnership with another company. Some privileged users from this new company required access to the applications used by sg-Finance users. Therefore, I went ahead and made them member of this group using Azure B2B. However, I need to put extra layer of security for these external user access requests to make sure my sensitive data been protected.  

1. To start the configuration, I am logging in to https://portal.azure.com as Global Administrator

2. Then Azure Active Directory | Groups | sg-Finance | Members. In here I can see B2B user dmfrancis

3. Now go back to Azure Active Directory home page and click on Conditional Access

4. Then click on New policy

[Read more…] about Conditional Access with Azure AD B2B