B2B collaboration overview

B2B collaboration is a feature within Microsoft Entra External ID that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with external users, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Microsoft Entra ID or an IT department.

Diagram illustrating B2B collaboration.

A simple invitation and redemption process lets partners use their own credentials to access your company's resources. Once the external user has redeemed their invitation or completed sign-up, they're represented in your directory as a user object. The user type for these B2B collaboration users is typically set to "guest" and their user principal name contains the #EXT# identifier.
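The two attributes described above (the "guest" user type and the #EXT# marker in the user principal name) are enough to audit a directory export for external accounts. The following is an added example, not code from this documentation: it assumes user objects exported with the Microsoft Graph property names userPrincipalName, userType, and externalUserState, uses constructed sample data, and treats the home-domain extraction as a heuristic.

```python
import json

# Constructed sample shaped like Microsoft Graph user objects; all values invented.
SAMPLE_USERS = json.loads("""[
 {"userPrincipalName": "dana@fabrikam.example",
  "userType": "Member", "externalUserState": null},
 {"userPrincipalName": "alex_contoso.example#EXT#@fabrikam.onmicrosoft.com",
  "userType": "Guest", "externalUserState": "Accepted"},
 {"userPrincipalName": "sam.lee_partner.example#EXT#@fabrikam.onmicrosoft.com",
  "userType": "Guest", "externalUserState": "PendingAcceptance"},
 {"userPrincipalName": "j_doe_vendor.example#EXT#@fabrikam.onmicrosoft.com",
  "userType": "Member", "externalUserState": "Accepted"}
]""")

EXT_MARKER = "#EXT#"

def home_domain(upn):
    """Assumed heuristic: the text before #EXT# is the external address with
    '@' replaced by '_'. Domain names contain no '_', so split on the last one."""
    head, marker, _ = upn.partition(EXT_MARKER)
    if not marker or "_" not in head:
        return None
    return head.rsplit("_", 1)[1].lower()

def audit_external_users(users):
    """Return one finding per external user object, with flags for review."""
    findings = []
    for user in users:
        upn = user.get("userPrincipalName") or ""
        is_guest = (user.get("userType") or "").lower() == "guest"
        has_marker = EXT_MARKER in upn
        if not (is_guest or has_marker):
            continue  # ordinary internal account
        flags = []
        if has_marker and not is_guest:
            flags.append("external-upn-not-guest")  # invited, but not typed as guest
        if is_guest and not has_marker:
            flags.append("guest-without-ext-upn")
        if user.get("externalUserState") == "PendingAcceptance":
            flags.append("invitation-not-redeemed")
        findings.append({"upn": upn, "home_domain": home_domain(upn), "flags": flags})
    return findings

if __name__ == "__main__":
    for finding in audit_external_users(SAMPLE_USERS):
        print(finding)
```

Accounts flagged external-upn-not-guest are worth a manual look, because the user type is only typically "guest" and a member-typed external account may have broader directory access than intended.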

Developers can use Microsoft Entra business-to-business APIs to customize the invitation process or write applications. For licensing and pricing information related to guest users, refer to Microsoft Entra External ID pricing.

Collaborate with any partner using their identities

With Microsoft Entra B2B, the partner uses their own identity management solution, so there's no external administrative overhead for your organization. Guest users sign in to your apps and services with their own work, school, or social identities.

  • The partner uses their own identities and credentials, whether or not they have a Microsoft Entra account.
  • You don't need to manage external accounts or passwords.
  • You don't need to sync accounts or manage account lifecycles.

Manage B2B collaboration with other organizations and clouds

B2B collaboration is enabled by default, but comprehensive admin settings let you control your inbound and outbound B2B collaboration with external partners and organizations:

  • For B2B collaboration with other Microsoft Entra organizations, use cross-tenant access settings. Manage inbound and outbound B2B collaboration, and scope access to specific users, groups, and applications. Set a default configuration that applies to all external organizations, and then create individual, organization-specific settings as needed. Using cross-tenant access settings, you can also trust multifactor authentication (MFA) claims and device claims (compliant claims and Microsoft Entra hybrid joined claims) from other Microsoft Entra organizations.

  • Use external collaboration settings to define who can invite external users, allow or block specific domains for B2B collaboration, and set restrictions on guest user access to your directory.

  • Use Microsoft cloud settings to establish mutual B2B collaboration between the Azure global cloud and Microsoft Azure operated by 21Vianet.

Easily invite guest users from the Microsoft Entra admin center

As an administrator, you can easily add guest users to your organization in the admin center.

  • Create a new guest user in Microsoft Entra ID, similar to how you'd add a new user.
  • Assign guest users to apps or groups.
  • Send an invitation email that contains a redemption link, or send a direct link to an app you want to share.

Screenshot showing the Invite a new guest user invitation entry page.

  • Guest users follow a few simple redemption steps to sign in.

Screenshot showing the Review permissions page.

Use policies to securely share your apps and services

You can use authentication and authorization policies to protect your corporate content. Conditional Access policies, such as multifactor authentication, can be enforced:

  • At the tenant level.
  • At the application level.
  • For specific guest users to protect corporate apps and data.

Screenshot showing the Conditional Access option.

Customize the onboarding experience for B2B guest users

Bring your external partners on board in ways customized to your organization's needs.
