022: Stop issuing on-prem accounts for new external users
Overview
Use Entra ID B2B collaboration for new external Identities (business partners and guests). B2B accounts offer several benefits over local guest accounts for managing external collaborations:
-
Single Sign-On (SSO) and Better User Experience for collaborators: B2B accounts allow external partners who also have Entra ID to use their existing credentials to access resources. This is more convenient for the users from other as they don't have to remember additional login information and can utilize SSO for a seamless experience. B2B also allows collaboration with external organizations that don't have Entra ID
-
Reduced overhead of managing guest credentials: When using B2B accounts, your organization does not need to manage guest user credentials. This significantly reduces the IT administrative overhead associated with credential provisioning, and reset.
-
Cloud-native tools to govern lifecycle: Entra ID provides cloud-native identity governance capabilities that you can deploy and configure to control the lifecycle of the guest accounts. Examples include access reviews and access packages.
-
Streamline Security Controls: Cross-tenant access settings allow you to configure whether to trust the MFA or device claims for external organizations that are also in Entra ID. In the context of zero trust, the device health claim from external organizations is an important consideration.