Understanding Azure AD B2B

Azure AD B2B solves the problem of collaboration between business partners. It allows users to share business applications between partners without setting up inter-company federation relationships or internally managed partner identities. With Azure AD B2B, you create cross-company relationships by inviting and authorizing users from partner companies to access your resources. In this model, each company federates once, with Azure AD, and each user is then represented by a single Azure AD account. This option also provides a higher level of security, because when a user leaves the partner organization, their access is automatically revoked. Inside Azure AD, the user is handled as a guest and cannot enumerate other users in the directory. The permissions of the invited user are granted through the appropriate associated group membership.

The following figure shows the process of enabling business partners to access your applications:

Azure AD B2B invitation flows

In the case of FLOW 1, the user is able to sign in to the partner organization after they accept and consent to the invitation.

In the case of FLOW 2, the user signs up for their own Azure Active Directory and is then added to the Azure AD from which the invitation process was started.
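The invitation flow described above, followed by the group-based permission grant, can be carried out with the Microsoft Graph PowerShell SDK. The script below is an added example written for this section, not code from the book or from Microsoft; the partner e-mail address, the redirect URL and the group name App-Partner-Access are assumed placeholders, and it assumes the Microsoft.Graph module is installed and the signed-in administrator holds the listed scopes.

```powershell
# Added example: invite a partner user as a B2B guest and grant access through a group.
# Requires the Microsoft.Graph module; the admin needs the scopes requested below.
Connect-MgGraph -Scopes "User.Invite.All", "User.Read.All", "GroupMember.ReadWrite.All"

# Assumed values: replace with the real partner address, landing URL and group name.
$partnerEmail = "partner.user@partner.example"          # placeholder partner user
$redirectUrl  = "https://myapps.microsoft.com"          # where the guest lands after redemption
$groupName    = "App-Partner-Access"                    # placeholder group assigned to the app

# 1. Send the invitation. The guest object is created immediately (state PendingAcceptance);
#    the partner user redeems it with their own identity (FLOW 1 or FLOW 2).
$invitation = New-MgInvitation `
    -InvitedUserEmailAddress $partnerEmail `
    -InviteRedirectUrl $redirectUrl `
    -SendInvitationMessage `
    -InvitedUserMessageInfo @{ CustomizedMessageBody = "You have been invited to collaborate with us." }

$guestId = $invitation.InvitedUser.Id

# 2. Verify the account is a guest, not a member: guests get the restricted directory view
#    described in the text and cannot enumerate other users.
$guest = Get-MgUser -UserId $guestId -Property Id, UserPrincipalName, UserType, ExternalUserState
if ($guest.UserType -ne "Guest") {
    throw "Expected a Guest account for $partnerEmail, found UserType '$($guest.UserType)'."
}
Write-Host "Guest created: $($guest.UserPrincipalName) (state: $($guest.ExternalUserState))"

# 3. Grant permissions only through group membership; the group, not the user,
#    is assigned to the application. Removing the guest later revokes everything at once.
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $group) {
    throw "Group '$groupName' not found; create it and assign it to the application first."
}
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $guestId
Write-Host "Added $($guest.UserPrincipalName) to $groupName."
```

Until the partner user redeems the invitation, ExternalUserState stays at PendingAcceptance; access through the group only becomes effective once they have signed in and consented.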

You can find more information about the service at https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b. In Chapter 11, Creating Identity Life Cycle Management on Azure, we'll provide the configuration tasks for the complete guest-management life cycle, which includes the Azure AD B2B portal, using Azure MFA, conditional access, and access reviews.
