Exciting improvements to the B2B collaboration experience
More and more organizations are using Azure AD B2B collaboration capabilities to connect with other organizations. And we have been hard at work making B2B experiences smoother and better than ever before so these organizations and their partner users can work together easily, intuitively, and securely!
Today, Im incredibly excited to announce three important improvements to the B2B collaboration experience that not only improve the end-to-end experience of partner users accessing your resources, but also help support your organizations obligations under the GDPR.
1. No need to click on the invitation email!
Okay, first things first, Im sure those of you who have used Azure B2B Collaboration capabilities are very familiar with the current B2B invitation experience. Right now, this experience requires your partner users to click on a link in an invitation email to accept their invitation and access your resources.
While this experience has generally worked well, we heard from some of our customers that, at times, the email wasnt delivered due to restrictive ISP settings, or their partner user didnt realize it was mandatory to click on the link in the email to successfully access their resources. This would result in access failures, troubleshooting, and eventually the need to raise support tickets. So, we decided to do something about this issue.
Today I am thrilled to announce that your partner users will no longer have to click on that special link in the invitation email (other than in some special cases*) they can simply access the application youve invited them to.
The first time a guest user accesses your organizations resources, she will interact with a brand new, simple, modernized consent experience. And, upon consent, she will be redirected to the application. So, for example, when you want your partner to access a specific application, you can add them as a guest user to your organization, same as always, and give them access to the application. Then, simply message them a link to the application, and theyre in! They only have to click on the link to the application to immediately access it after giving consent. Its simple and effective, and we hope you try it out today!
2. New UI and consent screen
Speaking of user consent, Im super happy to announce that were entirely revamping the redemption user experience and replacing it with a modern consent experience. This revamp will be very similar to the third-party application consent experience youre used to seeing in Azure AD. Not only is the consent screen simple, its also very clear about the information the user is sending your organization.
Additionally, to help organizations share their privacy policies with end-users at the time of consent, well include a link to the inviting organizations privacy statement on the consent screen. Administrators can go to portal.azure.com in Properties to set the privacy statement URL to be shown to B2B users. This will support your organizations obligations under the GDPR.
In other words, were moving from this redemption screen your partner users are used to seeing:
To this consent screen were announcing today:
3. B2B users can self-service leaving the inviting organization
Finally, a B2B user can now easily leave an organization to which she has been invited, once her relationship with that organization has come to an end. Its no longer necessary to contact an admin of the inviting organization to have her account removed!
These highly-requested capabilities simplify and modernize your collaboration. They also empower your partner users and help you with your GDPR obligations. I hope youre as excited about them as we are to bring them to you!
So dive into the documentation here and here, learn more, and carry on collaborating with your partners with all the convenience and security that Azure AD brings to you!
And as always, connect with us for any feedback, discussions, and suggestions. You know were listening!
Alex Simons (@Twitter:@Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
* You must have an Azure AD account or MSA; if you dont have either, you can create an MSA before first access or use the invitation email. Sometimes the invited user object may not have an email address due to conflict with a contact object. Or the user may be signing in with an alias of the email address invited. In the latter cases, the B2B user will need to click on the invitation redemption link.
Source: EM+S Blog Feed