Microsoft Azure Active Directory and Domain Services (ADDS), and External Users for B2B and B2C
Overview
​
MS Azure Active Directory and Domain Services enables you to do the following:
- Create an internal domain for your company in the cloud
- Join virtual machines that you created in the MS Azure cloud to that domain
- Create users (user IDs and passwords) that have certain access rights to VMs, files, websites, ...
- Sync your on-premises Active Directory with ADDS in the MS Azure cloud
​
All of the above is needed to create an IT infrastructure in the MS Azure cloud that is secure and that controls access to computers and files.
In fact, when you subscribe to MS Office 365 and you don't have an MS Azure account yet, MS Office 365 will automatically create a user ID in MS Azure Active Directory for every user in MS Office 365.
​
Sharing information with external parties such as your customers, vendors and subcontractors tremendously speeds up projects, product development, purchasing, production and sales order fulfillment. The information consists of documents, chats, discussion forums, web links and video calls. Such information is not available in a cloud ERP, but it can be made available in MS Office 365, MS Teams, MS Planner, and other MS Office 365 applications. However, access needs to be given to external users in MS Azure Directory. This can be done as seen below.
​
Again, our company will sit with you, discuss your requirements, recommend the best solution, document everything in an MS SharePoint portal, implement it, train the right people and maintain it.
​
The next video will give you an overview of ADDS just so that you understand the basics of ADDS.
Set up Azure Active Directory Domain Services
​
Microsoft Azure enables you to set up a domain controller. Such a domain is necessary to set up an Active Directory where you store the internal domain name, the internal users of an internal domain, and user group policies, and to enable other computers to join that domain.
In the past when you wanted to set up an internal domain in your office, you had to set up your own server with a domain controller, and then set up the Active Directory with the internal domain users. A computer could join an internal domain if you signed in with an internal domain user id and password. That user could normally see all the other computers of the internal domain.
In 2017 Microsoft set up Azure Active Directory, where you can create user IDs and give them access rights. You could not join your on-premises computers to the Azure Active Directory. You still need an Active Directory and Domain Service (ADDS) on a server in your on-premises local area network. To see a video on this, click here. To see more videos on this, click here.
​
In 2018 with MS Azure, you can use the Azure Active Directory Service (ADDS) to do all the above for VMs created in MS Azure. You can use AAD Connect to sync your on-premises ADDS server. However, you always need to have an internet connection.
​
Our company can set all this up for you, but would like to discuss your requirements and IT objectives first. Just click on the Contact Us button in the footer, or call us at 973 244 1470 to discuss it.
​
The video below explains the set up of an Azure Active Directory and Domain Services.
External Users for B2B and B2C
​
You can create external users for B2B and B2C.
​
B2B users would be your business customers, suppliers and subcontractors. Your external party may also have an MS Azure Directory with its own users and email IDs. Entering their MS Azure user ID in your MS Azure Active Directory will suffice. If the third party doesn't have MS Azure Directory, they need to have an MS user ID (e.g. myname@outlook.com). Your company will send an email to that email ID to invite them to join your MS Azure Active Directory. You can then give them access to your SharePoint Online sites and files.
​
Your B2C users would be consumers who buy your products on your B2C e-commerce site, your web app (e.g. Cloud ERP), or your mobile app. Those B2C users cannot be given access to your files. You keep them in your MS Active Directory to grant or deny them access to your web app or mobile app.
​
A great video (12 mins, 2/2018) below will show you the difference.
B2B External Users
Microsoft has two ways to give B2B external users access to MS Office 365. They are:
- Azure Directory B2B: guest or collaborative users
- External users
They will be discussed next:
Azure Active Directory B2B: collaborative users
- ..
- Click here for now. Look at the left menu in the linked website docs.microsoft.com for more information.
- Regarding licensing, the general rules are as follows:
  - Azure AD Free capabilities are available for guest users without additional licensing.
  - If you want to provide access to paid Azure AD features to B2B users, you must have enough licenses to support those B2B guest users.
  - An inviting tenant with an Azure AD paid license has B2B collaboration use rights to an additional five B2B guest users invited to the tenant.
  - The customer who owns the inviting tenant must be the one to determine how many B2B collaboration users need paid Azure AD capabilities. Depending on the paid Azure AD features you want for your guest users, you must have enough Azure AD paid licenses to cover B2B collaboration users in the same 5:1 ratio.
  - Click here to learn more.
- A video will illustrate this.
B2C External Users
​
..