Microsoft Targets Cloud Logins With Azure Active Directory B2C

Based on its identity management software platform for enterprises, Microsoft opens Azure AD up to developers of consumer-facing online apps.

Microsoft has launched Azure Active Directory (AD) B2C in North America, the company announced this week. Other regions, including Europe and the Asia-Pacific, will get the service in the coming months.

Azure AD B2C builds on Microsoft's work on software that enables enterprises to control user access to their systems and data. As its name indicates, instead of acting as a gatekeeper for corporate computing systems, the service allows cloud developers to add identity services to their business-to-consumer (B2C) cloud applications.

The Azure-delivered service is a "game changer for organizations of all sizes," Swaroop Krishnamurthy, senior program manager at Microsoft Azure Active Directory, wrote in a blog posting. Azure AD B2C is aimed at businesses "that want to offer consumers secure access to their apps, by allowing consumers to reuse their existing social accounts or creating new app-local ones."

Behind the scenes, Azure AD B2C supports both the OpenID Connect and OAuth 2.0 protocols. According to Krishnamurthy, each of the service's "production-scale" B2C tenants can handle hundreds of millions of profiles. "We recently deployed new servers in our North American data centers exclusively for Azure AD B2C," he said.

Azure AD B2C allows developers to focus on their apps' core functionality while it handles securely connecting users with their online software, asserted Krishnamurthy. Once developers integrate the offering, consumers can log in with their existing social media accounts, including Facebook, LinkedIn and Google. It also supports Amazon and, of course, Microsoft accounts.

On the other hand, developers can opt to create accounts where usernames and passwords are specific to their own apps. Finally, Azure AD B2C can be used to implement multi-factor authentication, providing an extra layer of security.

To get the ball rolling, Microsoft has made the service free of charge until early 2017. When the promotional period ends, a consumption-based pricing model will kick in, said Krishnamurthy.

According to the Azure AD B2C product page, the first 50,000 stored users and authentications per month will remain free. The following 950,000 users and authentications will be charged at $0.0011 and $0.0028 each, respectively (East US 2 Azure region), with prices falling from there as those figures hit 9 million, 40 million and 50 million. Multifactor authentication (MFA) costs a flat fee of 3 cents per authentication.

Separately, Microsoft announced that the per-app MFA and network location policies are generally available in the Conditional Access feature for Azure AD Premium.

The new capabilities allow administrators to set access restrictions on Office 365 and other apps by requiring that users always employ multi-factor authentication to log in or use it when they aren't at work. Organizations can also use the features to block access if users stray from the premises.

"The MFA and Network Location policies are applied across all devices," Alex Simons, Microsoft Identity Division's director of program management, said in a July 28 announcement. "For example, admins can create a Conditional Access policy for SharePoint that requires users to be on their corporate network to access the service."

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...