Enterprise Mobility + Security


Howdy folks,

More and more organizations are using Azure AD B2B collaboration capabilities to connect with other organizations. And we have been hard at work making B2B experiences smoother and better than ever before – so these organizations and their partner users can work together easily, intuitively, and securely!

Today, I’m incredibly excited to announce three important improvements to the B2B collaboration experience that not only improve the end-to-end experience of partner users accessing your resources, but also help support your organizations’ obligations under the GDPR.

1. No need to click on the invitation email!

Okay, first things first, I’m sure those of you who have used Azure B2B Collaboration capabilities are very familiar with the current B2B invitation experience. Right now, this experience requires your partner users to click on a link in an invitation email to accept their invitation and access your resources.

While this experience has generally worked well, we heard from some of our customers that, at times, the email wasn’t delivered due to restrictive ISP settings, or their partner user didn’t realize it was mandatory to click on the link in the email to successfully access their resources. This would result in access failures, troubleshooting, and eventually the need to raise support tickets. So, we decided to do something about this issue.

Today I am thrilled to announce that your partner users will no longer have to click on that special link in the invitation email (other than in some special cases*) – they can simply access the application you’ve invited them to.

The first time a guest user accesses your organization’s resources, she will interact with a brand new, simple, modernized consent experience. And, upon consent, she will be redirected to the application. So, for example, when you want your partner to access a specific application, you can add them as a guest user to your organization, same as always, and give them access to the application. Then, simply message them a link to the application, and they’re in! They only have to click on the link to the application to immediately access it after giving consent. It’s simple and effective, and we hope you try it out today!

2. New UI and consent screen

Speaking of user consent, I’m super happy to announce that we’re entirely revamping the redemption user experience and replacing it with a modern consent experience. This revamp will be very similar to the third-party application consent experience you’re used to seeing in Azure AD. Not only is the consent screen simple, it’s also very clear about the information the user is sending your organization.

Additionally, to help organizations share their privacy policies with end users at the time of consent, we’ll include a link to the inviting organization’s privacy statement on the consent screen. Administrators can set the privacy statement URL shown to B2B users under Properties at portal.azure.com. This will support your organization’s obligations under the GDPR.

In other words, we’re moving from this redemption screen your partner users are used to seeing:

 

To this consent screen we’re announcing today:

3. B2B users can self-service leaving the inviting organization

Finally, a B2B user can now easily leave an organization to which she has been invited, once her relationship with that organization has come to an end. It’s no longer necessary to contact an admin of the inviting organization to have her account removed!

These highly-requested capabilities simplify and modernize your collaboration. They also empower your partner users and help you with your GDPR obligations. I hope you’re as excited about them as we are to bring them to you!

So dive into the documentation here and here, learn more, and carry on collaborating with your partners with all the convenience and security that Azure AD brings to you!

And as always, connect with us for any feedback, discussions, and suggestions. You know we’re listening!

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

 

* To use this feature, the invited user must have an existing Azure AD account or MSA with the email address that was invited. If she doesn’t have either, she can create an MSA before first access or simply use the invitation email. Sometimes the invited user object in the directory may not have an email address due to conflict with a contact object, or the user may be signing in with an alias of the email address invited. In these cases, the B2B user will need to be sent the invitation email and will need to click on the link as before for access. These users will still benefit from the new consent experience described in this post.