Azure B2B Collaboration

Collaboration and its intricacies


Exploring Azure Portal

Within your Azure tenant you are presented with a plethora of options which can impact your enterprise as a whole in many different ways. We'll be exploring the external collaboration portion.

Azure Active Directory > User Settings (Image by author)

External Collaboration

Firstly, we have to highlight that historically there were two ways of identifying an external user within Azure Active Directory (AAD): either as External or as a Guest. The difference is that 'external' users are in a directory authenticated outside of the home tenant, whereas guest users were treated as 'managed guests' authenticating directly inside the home tenant.

  1. Guest invite settings. Allowing members to invite can alleviate a lot of administrative workload but you will likely want some restrictions in place such as domain restrictions from the subsequent category.
  2. Collaboration restrictions. One fundamental finding to note around this setting: if it is at its most inclusive (i.e. invitations are allowed to be sent to any domain) yet you are applying a domain restriction at SharePoint, then users will still receive an invitation and so become joined to AAD, but will not be able to access the resource. Why do we care? That is another user within your environment who could access other, less restrictive resources or exploit other configuration loopholes.

Azure Active Directory > User Settings > Manage external collaboration settings (Image by author)
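
One way to audit for the gap described in item 2, as an added example that is not part of the original article: it lists guest accounts already in the directory whose invited domain the SharePoint restriction would refuse. The records, the `.example` domains and the function names `invited_domain` and `stranded_guests` are constructed for illustration, and exact, case-insensitive domain matching is assumed.

```python
from collections import defaultdict

# Constructed stand-in for the domains the SharePoint restriction allows.
# Exact, case-insensitive matching is an assumption of this example.
SHAREPOINT_ALLOWED = {"partner.example", "supplier.example"}

# Constructed directory export; field names follow the Microsoft Graph user resource.
USERS = [
    {"userPrincipalName": "alice_partner.example#EXT#@corp.onmicrosoft.com",
     "mail": "alice@partner.example", "userType": "Guest"},
    {"userPrincipalName": "bob_freemail.example#EXT#@corp.onmicrosoft.com",
     "mail": None, "userType": "Guest"},
    {"userPrincipalName": "carol_freemail.example#EXT#@corp.onmicrosoft.com",
     "mail": "Carol@Freemail.example", "userType": "Guest"},
    {"userPrincipalName": "dave@corp.example",
     "mail": "dave@corp.example", "userType": "Member"},
]


def invited_domain(user):
    """Return the lower-cased domain a guest was invited from, or None."""
    mail = user.get("mail") or ""
    if "@" in mail:
        return mail.rsplit("@", 1)[1].lower()
    # Fall back to the B2B UPN form: local_domain#EXT#@tenant.onmicrosoft.com
    upn = user.get("userPrincipalName") or ""
    if "#EXT#" in upn:
        original = upn.split("#EXT#", 1)[0]
        if "_" in original:
            return original.rsplit("_", 1)[1].lower()
    return None


def stranded_guests(users, allowed):
    """Group guests in the directory by domains the SharePoint list would refuse."""
    allowed = {d.lower() for d in allowed}
    findings = defaultdict(list)
    for user in users:
        if user.get("userType") != "Guest":
            continue  # members are not subject to the sharing restriction
        domain = invited_domain(user) or "<unknown>"
        if domain not in allowed:
            findings[domain].append(user["userPrincipalName"])
    return dict(findings)


if __name__ == "__main__":
    for domain, upns in sorted(stranded_guests(USERS, SHAREPOINT_ALLOWED).items()):
        print(f"{domain}: {len(upns)} guest(s) in directory, blocked at SharePoint")
```

Each domain reported is a candidate either for the AAD collaboration restriction list or for guest clean-up.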

Wrapping up

At the end of the day you have to consider business impact. Whilst enforcing the most rigid security measures may be what is required or what you may want, there have to be processes in place that support that. For example, who is going to support the process of managing a non-whitelisted domain, and what is the process (from an internal user perspective) of requesting that?

A collection of azure articles and ramblings // Cloud Security Consultant @ Integrity360 // Comments and thoughts are my own
