Supported Microsoft Entra ID features
An Azure Active Directory B2C (Azure AD B2C) tenant is different than a Microsoft Entra tenant, which you may already have, but it relies on it. The following Microsoft Entra ID features can be used in your Azure AD B2C tenant.
Feature | Microsoft Entra ID | Azure AD B2C |
---|---|---|
Groups | Groups can be used to manage administrative and user accounts. | Groups can be used to manage administrative accounts. You can't perform group-based assignment of enterprise applications. |
Inviting External Identities guests | You can invite guest users and configure External Identities features. | You can invite only a Microsoft Entra user as a guest to your Microsoft Entra tenant for accessing applications or managing tenants. For consumer accounts, you use Azure AD B2C user flows and custom policies to manage users and sign-up or sign-in with external identity providers. |
Roles and administrators | Fully supported for administrative and user accounts. | Roles are not supported with consumer accounts. Consumer accounts don't have access to any Azure resources. |
Custom domain names | You can use Microsoft Entra custom domains for administrative accounts only. | Consumer accounts can sign in with a username, phone number, or any email address. |
Conditional Access | Fully supported for administrative and user accounts. | A subset of Microsoft Entra Conditional Access features is supported with consumer accounts |
Premium P1 | Fully supported for Microsoft Entra ID P1 features. For example, Password Protection, Hybrid Identities, Conditional Access, Dynamic groups, and more. | Azure AD B2C uses Azure AD B2C Premium P1 license, which is different from Microsoft Entra ID P1. A subset of Microsoft Entra Conditional Access features is supported with consumer accounts. |
Premium P2 | Fully supported for Microsoft Entra ID P2 features. For example, Identity Governance. | Azure AD B2C uses Azure AD B2C Premium P2 license, which is different from Microsoft Entra ID P2. A subset of Microsoft Entra ID Protection features is supported with consumer accounts. |
Data retention policy | Data retention period for both audit and sign in logs depend on your subscription. Learn more about How long Microsoft Entra ID store reporting data. | Sign in and audit logs are only retained for seven (7) days. If you require a longer retention period, use the Azure monitor. |
Note
Other Azure resources in your tenant:
In an Azure AD B2C tenant, you can't provision other Azure resources such as virtual machines, Azure web apps, or Azure functions. You must create these resources in your Microsoft Entra tenant.