What’s the difference between Azure AD B2C tenant and normal Azure AD tenant?

An Azure AD B2C tenant exists only to use the Azure AD B2C feature. The Azure AD B2C feature (not the tenant) is just a resource in a normal Azure AD subscription, like a VM, and using it requires switching to the B2C tenant. Features that are unrelated to Azure AD B2C should not be used in a B2C tenant.

The differences between a B2C tenant and a normal Azure AD tenant.

The most important difference is how users are managed.

  • In a normal Azure AD tenant, users’ data is stored (loosely speaking) in “Users”, which you can see on the Users blade of Azure Active Directory. In a B2C tenant, however, users’ data is stored in both “Users” and the B2C extension app, which you can see under App registrations.

  • In a normal Azure AD tenant, users are managed within one organization and are usually that organization’s employees. In a B2C tenant, the users are the customers who can access your B2C app.

  • In a normal Azure AD tenant, users can be created by clicking the “New user” button; such users are Members of the tenant. You can also invite external users through Azure AD B2B; those invited users are Guest users. In a B2C tenant, all users are members of the tenant, but the account types are local accounts and social accounts. Local accounts can be created by signing up or through the Azure AD Graph API; they cannot be created by clicking “New user” as in a normal Azure AD tenant. Social accounts can only be created by signing up.
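The two points above (user data living in the B2C extension app, and local versus social accounts) can be seen directly in the user objects the directory returns. The following is an added example, not code from the original post: it classifies B2C users by the `identities` collection that Microsoft Graph exposes for them, and builds the Microsoft Graph request body that creates a local account (the post names the older Azure AD Graph API; Microsoft Graph v1.0 is assumed here as its current replacement). The tenant name `contoso.onmicrosoft.com` and the sample user records are constructed; nothing in the block touches the network.

```python
"""Added example: telling B2C local and social accounts apart from
Microsoft Graph user objects, and building the body for
POST https://graph.microsoft.com/v1.0/users that creates a local account.

Assumptions (not from the original post): Microsoft Graph v1.0, a tenant
named contoso.onmicrosoft.com, and constructed sample user records.
"""
from collections import Counter
import secrets
import string

TENANT = "contoso.onmicrosoft.com"   # assumed B2C tenant name


def account_type(user: dict) -> str:
    """Classify a user by the sign-in types in its `identities` collection.

    A local account signs in with an e-mail address or username issued by
    the tenant itself; a social account carries a `federated` identity whose
    issuer is the external provider. Every object also has a
    userPrincipalName identity, which on its own is not a customer sign-in.
    """
    identities = user.get("identities") or []
    sign_in_types = {i.get("signInType") for i in identities}
    if "federated" in sign_in_types:
        return "social"
    if sign_in_types & {"emailAddress", "userName"}:
        return "local"
    return "other"   # e.g. an administrator account with only a UPN identity


def social_issuers(user: dict) -> list:
    """External identity providers a social account signs in with."""
    return sorted(i["issuer"] for i in user.get("identities", [])
                  if i.get("signInType") == "federated")


def summarize(users) -> dict:
    """Count users per account type, e.g. for an inventory of a B2C tenant."""
    return dict(Counter(account_type(u) for u in users))


def generate_password(length: int = 24) -> str:
    """Random initial password for a local account created through the API."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def local_account_payload(display_name: str, email: str, password: str) -> dict:
    """Request body that creates a local (e-mail) account. This is the API
    route the post mentions; sign-up through a user flow is the other route,
    and the only one available for social accounts."""
    return {
        "displayName": display_name,
        "identities": [{
            "signInType": "emailAddress",
            "issuer": TENANT,
            "issuerAssignedId": email,
        }],
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextSignIn": False,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }


# Constructed sample records in the shape Microsoft Graph returns.
SAMPLE_USERS = [
    {"displayName": "Local customer", "identities": [
        {"signInType": "emailAddress", "issuer": TENANT,
         "issuerAssignedId": "customer@example.com"},
        {"signInType": "userPrincipalName", "issuer": TENANT,
         "issuerAssignedId": "a1b2c3d4@contoso.onmicrosoft.com"}]},
    {"displayName": "Social customer", "identities": [
        {"signInType": "federated", "issuer": "facebook.com",
         "issuerAssignedId": "100012345678"},
        {"signInType": "userPrincipalName", "issuer": TENANT,
         "issuerAssignedId": "e5f6a7b8@contoso.onmicrosoft.com"}]},
    {"displayName": "Tenant admin", "identities": [
        {"signInType": "userPrincipalName", "issuer": TENANT,
         "issuerAssignedId": "admin@contoso.onmicrosoft.com"}]},
]

if __name__ == "__main__":
    print(summarize(SAMPLE_USERS))
    print(local_account_payload("Jane Doe", "jane@example.com",
                                generate_password()))
```

`summarize` is the kind of check worth running when auditing a B2C tenant: accounts that are neither local nor social (only a UPN identity) are the administrator and service accounts that the post says should be managed in a normal Azure AD tenant instead.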

Overall, a normal Azure AD tenant is employee-based and represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications; anyone can sign up for the app and access it. You can also make an Azure AD tenant act as a social account identity provider for a B2C tenant using custom policies. You can refer to this documentation to achieve this.

Since I can use some features in a B2C tenant, such as Azure AD Connect, or buy a new subscription in the B2C tenant and use it, should I use these features?

The answer is no, you shouldn’t. Even though you can use these features in a B2C tenant, we don’t support or recommend doing so. You may run into many issues when using them, because a B2C tenant is not designed for these features.

Why are these features available in a B2C tenant at all? Why not just use B2C in a normal Azure AD tenant?

  • First, to keep employee-based users and customers apart, they need to be in different tenants. Employee-based users should be managed strictly and within a controlled scope, whereas customers are members of the public and anyone can access your app resource.

  • Second, the authentication logic for B2C is different from B2B. B2C needs new identity endpoints that differ from those of normal Azure AD, and a B2C tenant also uses the custom Identity Experience Framework to give customers a friendlier user experience. This is why B2C cannot be used in a normal Azure AD tenant.

  • Third, B2C users may number in the millions or more, whereas the number of users in an Azure AD organization should be far smaller. The backend engine of B2C is different from that of Azure AD, so they run on different hardware.
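The second point above, that B2C uses its own identity endpoints, has a practical consequence for a relying party: it must fetch metadata from the B2C authority and validate that tokens actually came from it. The following is an added example, not code from the original post: it builds the discovery URLs for a normal Azure AD tenant and for a B2C tenant, and checks the issuer, audience and policy claims of a token against the B2C authority. The tenant name `contoso`, the user flow `B2C_1_signupsignin`, the tenant id and client id (placeholders), and the unsigned test token are all assumptions; signature verification with the JWKS from the metadata document is a separate, mandatory step not shown here.

```python
"""Added example: metadata endpoints of a normal Azure AD tenant versus a
B2C tenant, and a claim check that flags tokens issued by the wrong authority.

Assumptions (not from the original post): tenant name "contoso", user flow
B2C_1_signupsignin, placeholder tenant and client ids, constructed tokens.
"""
import base64
import json
import time

TENANT_NAME = "contoso"                               # assumed tenant name
TENANT_ID = "00000000-0000-0000-0000-000000000000"     # placeholder tenant id
CLIENT_ID = "11111111-1111-1111-1111-111111111111"     # placeholder app id
POLICY = "B2C_1_signupsignin"                          # assumed user flow


def aad_metadata_url(tenant: str) -> str:
    """OpenID Connect discovery document of a normal Azure AD tenant."""
    return (f"https://login.microsoftonline.com/{tenant}"
            "/v2.0/.well-known/openid-configuration")


def b2c_metadata_url(tenant_name: str, policy: str) -> str:
    """Discovery document of a B2C tenant: a different host (b2clogin.com)
    and the user flow in the path, which the Azure AD endpoint lacks."""
    return (f"https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/"
            f"{policy}/v2.0/.well-known/openid-configuration")


def b2c_issuer(tenant_name: str, tenant_id: str) -> str:
    """Value of the `iss` claim in tokens issued by a B2C tenant."""
    return f"https://{tenant_name}.b2clogin.com/{tenant_id}/v2.0/"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Constructed test token (header.payload.<empty signature>), used only
    to exercise the claim checks offline; a real token carries a signature."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def decode_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT (no verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)    # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_b2c_claims(claims: dict, expected_issuer: str, expected_aud: str,
                     expected_policy: str, now: float = None) -> list:
    """Return the mismatches between the token claims and what the relying
    party expects. An empty list means the claims are consistent with a
    token from the expected B2C authority and user flow."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"issuer {claims.get('iss')!r} is not the B2C authority")
    if claims.get("aud") != expected_aud:
        problems.append("audience does not match this application")
    # B2C puts the user flow name in either the tfp or the acr claim.
    policy = claims.get("tfp") or claims.get("acr")
    if policy is None or policy.lower() != expected_policy.lower():
        problems.append(f"policy claim {policy!r} is not {expected_policy}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


if __name__ == "__main__":
    print(aad_metadata_url(TENANT_NAME + ".onmicrosoft.com"))
    print(b2c_metadata_url(TENANT_NAME, POLICY))
    good = {"iss": b2c_issuer(TENANT_NAME, TENANT_ID), "aud": CLIENT_ID,
            "tfp": POLICY, "exp": int(time.time()) + 3600}
    token = make_unsigned_token(good)
    print(check_b2c_claims(decode_payload(token), b2c_issuer(TENANT_NAME, TENANT_ID),
                           CLIENT_ID, POLICY))
```

The issuer check is the one that catches the configuration mistake this section warns about: a relying party pointed at the normal Azure AD authority will receive tokens whose `iss` is `login.microsoftonline.com` and which carry no policy claim, and both mismatches show up in the returned list.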

However, a B2C tenant is built on top of normal Azure AD and may use other Azure AD features for its management. That is why you see the same UI as normal Azure AD, and other Azure AD features, in the B2C tenant.

Above all, you can consider Azure AD B2C to be just a feature that requires switching directories to use. If you want to use other features, go to a normal Azure Active Directory.

Reference:

  • What should we do in Azure AD B2C tenants?

  • Azure AD B2C: Frequently asked questions (FAQ)

  • Compare B2B collaboration and B2C in Azure Active Directory

  • The difference between Azure AD, Azure AD B2B, Azure AD B2C

  • Azure AD B2C Password Reset
