Supported Microsoft Entra ID features

An Azure Active Directory B2C (Azure AD B2C) tenant is different than a Microsoft Entra tenant, which you may already have, but it relies on it. The following Microsoft Entra ID features can be used in your Azure AD B2C tenant.

Feature Microsoft Entra ID Azure AD B2C
Groups Groups can be used to manage administrative and user accounts. Groups can be used to manage administrative accounts. You can't perform group-based assignment of enterprise applications.
Inviting External Identities guests You can invite guest users and configure External Identities features. You can invite only a Microsoft Entra user as a guest to your Microsoft Entra tenant for accessing applications or managing tenants. For consumer accounts, you use Azure AD B2C user flows and custom policies to manage users and sign-up or sign-in with external identity providers.
Roles and administrators Fully supported for administrative and user accounts. Roles are not supported with consumer accounts. Consumer accounts don't have access to any Azure resources.
Custom domain names You can use Microsoft Entra custom domains for administrative accounts only. Consumer accounts can sign in with a username, phone number, or any email address.
Conditional Access Fully supported for administrative and user accounts. A subset of Microsoft Entra Conditional Access features is supported with consumer accounts
Premium P1 Fully supported for Microsoft Entra ID P1 features. For example, Password Protection, Hybrid Identities, Conditional Access, Dynamic groups, and more. Azure AD B2C uses Azure AD B2C Premium P1 license, which is different from Microsoft Entra ID P1. A subset of Microsoft Entra Conditional Access features is supported with consumer accounts.
Premium P2 Fully supported for Microsoft Entra ID P2 features. For example, Identity Governance. Azure AD B2C uses Azure AD B2C Premium P2 license, which is different from Microsoft Entra ID P2. A subset of Microsoft Entra ID Protection features is supported with consumer accounts.
Data retention policy Data retention period for both audit and sign in logs depend on your subscription. Learn more about How long Microsoft Entra ID store reporting data. Sign in and audit logs are only retained for seven (7) days. If you require a longer retention period, use the Azure monitor.

Note

Other Azure resources in your tenant:
In an Azure AD B2C tenant, you can't provision other Azure resources such as virtual machines, Azure web apps, or Azure functions. You must create these resources in your Microsoft Entra tenant.