Azure Active Directory (Azure AD) B2B collaboration provides authentication and management of guests.
When Collaborating in FYI with Azure AD B2B, you can securely share your files with external users whilst maintaining control over your own corporate data. When a document or folder is shared with a client, if the client does not already have a work account or a Microsoft account, authentication happens via a one-time passcode.
FYI uses existing infrastructure both in FYI and in your practice's Microsoft 365. There is no subscription for using Azure AD B2B and your practice would only pay if you exceed 50,000 monthly active users, that is, guests accessing the files. For more information, refer to the Microsoft help article https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-pricing.
If you are not currently using B2B Collaboration, when a client is invited to Collaborate, they are added as an "anonymous user" and treated as such in SharePoint and OneDrive. These users cannot be identified nor can policies be applied to the account which can make it difficult to ensure adequate security measures can be implemented.
Benefits when using Azure AD B2B for Collaborate
- When a client, or anyone outside your organisation, is invited to Collaborate using B2B Collaboration, an account for the guest user (or an external collaborator) is created in Azure Active Directory. Your IT department can then implement security measures such as Multi-Factor Authentication (MFA) or can implement conditional access policies to ensure only specific access is provided.
- If Google Federation in Azure AD is configured, federated users can easily access OneDrive resources that have been shared with them. For information on how to configure this refer to How can we enable Google Federation in Azure so that external users are able to access the shared content with us using their existing Gmail account?
- Azure AD B2B for Collaborate allows for greater logging and reporting capabilities, including folder views and file access events.
- Internal users will not need to change any processes and they will not see any difference in how they use Collaborate in FYI.
- The changes are quick and easy and should not take more than an hour to update the settings.
Required Actions to Implement FYI with Azure AD B2B for Collaborate
- Your IT department needs to set up and enable the Azure AD B2B Integration for FYI.
Refer to Setting up and Enabling Azure AD B2B for Collaboration in FYI.
- In FYI, open the Collaborate app. In the setting for Microsoft 365 Security select "Guest Users".
Refer to Step 4 - In FYI, in the Collaborate App, select "Guest Users" for the Microsoft 365 Security Setting in Setting up and Enabling Azure AD B2B for Collaboration in FYI
and to Configuring your Collaborate Settings and Structure.
Once the integration with FYI is enabled, your team will not have to re-share or do any manual migration for documents that were already shared with the client. If a link that was created before Azure AD B2B integration was enabled, SharePoint will automatically create a B2B guest account when it is accessed.