As you know, Azure Active Directory (AAD) provides settings to manage B2B (business to business) – also known as cross-tenant or guest – access.
Well, these settings have been updated to give you more granular control over inbound and outbound access, which can then be applied at the organization, user, group or application level.
These updates allow you to trust the security claims of the external Azure AD organization for MFA, device compliance or Azure AD joined devices (including hybrid).
In more detail, the inbound access controls allow you to define how external users are authorized to access your tenant, resources and applications. This can be set at the organization level as well as at a more granular level (per user, group or application).
The outbound settings allow you to define which external organizations your users can collaborate with; this allows you to keep a wide list of external organizations but restrict collaboration with specific ones based on user or group.
To start using these new settings and options, connect to your Azure AD portal (https://aad.portal.azure.com/) and access the Azure Active Directory\External Identities\Cross-tenant access settings blade.
From there you can configure the default settings (organization level) as well as specific settings per organization.
When you want to configure the Organizational settings you will need to obtain the tenant ID or domain name of the external organization; if the information is incorrect you will immediately get the error message “Unable to find tenant”.
If the tenant is found, you will get the organization details to help you confirm this is the correct organization you are looking for.
All settings are quite self-explanatory, so I will let you have a look by yourself.
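The same organizational settings can be scripted through Microsoft Graph rather than the portal. The following is an added example (not from this post or from Microsoft's own samples); it assumes the Microsoft.Graph PowerShell SDK, the Policy.ReadWrite.CrossTenantAccess and CrossTenantInformation.ReadBasic.All permissions, and placeholder IDs that you replace with your own.

```powershell
# Added example: look up an external tenant, review the tenant-wide default, then create
# partner-specific cross-tenant access settings (inbound trust + outbound restriction).
# Assumptions: Microsoft.Graph SDK installed; IDs below are placeholders, not real tenants/groups.
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess", "CrossTenantInformation.ReadBasic.All"

$partnerTenantId = "00000000-0000-0000-0000-000000000000"   # placeholder: external tenant ID
$allowedGroupId  = "11111111-1111-1111-1111-111111111111"   # placeholder: group allowed outbound

# Same check the portal does: confirm the tenant ID resolves to the organization you expect.
$info = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/findTenantInformationByTenantId(tenantId='$partnerTenantId')"
"Partner: $($info.displayName) ($($info.defaultDomainName))"

# Review the organization-level default before adding overrides for one partner.
$default = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default"
"Default inbound trust: MFA=$($default.inboundTrust.isMfaAccepted) Compliant=$($default.inboundTrust.isCompliantDeviceAccepted)"

# Partner override: accept the partner's MFA and compliant-device claims inbound (not hybrid join),
# and limit outbound collaboration with this partner to a single group, for all applications.
$partner = @{
    tenantId     = $partnerTenantId
    inboundTrust = @{
        isMfaAccepted                       = $true
        isCompliantDeviceAccepted           = $true
        isHybridAzureADJoinedDeviceAccepted = $false
    }
    b2bCollaborationOutbound = @{
        usersAndGroups = @{
            accessType = "allowed"
            targets    = @(@{ target = $allowedGroupId; targetType = "group" })
        }
        applications = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners" `
    -Body $partner -ContentType "application/json"

# Read back what was stored so the trust flags and outbound targets can be verified.
$stored = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners/$partnerTenantId"
$stored.inboundTrust
$stored.b2bCollaborationOutbound.usersAndGroups.targets
```

Trusting a partner's MFA or device-compliance claims means their policies, not yours, decide when those claims are issued, so the read-back step is worth keeping in any change process.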
In addition to these updates, you can now also use a workbook to get more insights on guest access in your environment.
This new workbook (Cross-tenant access activity) is available from the Azure Active Directory\Workbooks blade.
The report will then show you the external tenants you are collaborating with (unfortunately this provides the tenant ID but no additional information like the tenant name or domain).
By selecting one of the external tenants in the report, you will then get the details of the applications and users involved.