Does the Power BI AD Content Pack support B2C? - azure-active-directory

I'd like to use the Power BI AD Content Pack to report against B2C tenants in addition to (or instead of) "real" Azure AD tenants. Is B2C supported as a source for reporting purposes?

No, it is not possible to get Azure AD Activity Log Power BI Content Pack for a B2C tenant.

Related

Is there any equivalent feature in AWS to Azure AD B2B?

I understand that Azure AD B2C has an equivalent in AWS, which is AWS Cognito User Pool.
But it seems there is nothing equivalent to the Azure AD B2B. Is my understanding correct?
With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization.
Guest users sign in to your apps and services with their own work, school, or social identities.
There is no equivalent feature in AWS to Azure AD B2B.

Access on-premise AD users via Azure product to move them to Azure AD B2C

We need to move users from an on-premise Active Directory on Windows Server (not Azure Active Directory) to Azure AD B2C. But, we're having difficulty in trying to figure out how to read the user data from the AD using Azure products.
We're thinking about using one of the following Azure products to read from on-premise AD, but it's surprisingly difficult to find if this is possible or not, much less how to do it:
Azure Data Factory
Azure Logic App
Microsoft Power Platform Dataverse (formerly Common Data Service)
Power BI Data Flows
Note: We can't use Azure AD Connect to migrate the users because that tool isn't designed to work with B2C. Reference Microsoft's Azure AD B2C: Frequently asked questions (FAQ).
The Microsoft article Migrate users to Azure AD B2C says that a script needs to be written that uses the Microsoft Graph API to create user accounts in Azure AD B2C. But the article doesn't give advice on how to access the source data, which in our case is AD.
There is no out-of-box Azure product/solution that connects to on-prem AD. Maybe there is a way which requires you to create a custom connector and custom API for querying AD users. See this post.
The quickest way is using the PowerShell cmdlet Get-ADUser to export the AD users and then import them into Azure B2C via Microsoft Graph Create User.
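One way to do the import half of this answer, as an added example (not code from the original posts): it turns a CSV produced by `Get-ADUser` piped to `Export-Csv` into request bodies for Microsoft Graph Create User with a local-account identity. The column names, the `contoso.onmicrosoft.com` issuer and the function name are assumptions; no passwords are carried over, so each account gets a random one that the user replaces through password reset.

```python
import csv
import io
import secrets

# Constructed sample export; the column names are assumptions about the CSV layout.
SAMPLE_EXPORT = """GivenName,Surname,mail,Enabled
Ada,Lovelace,ada@example.com,True
Bob,Stone,,True
Eve,Moss,eve@example.com,False
Ada,Lovelace,ADA@example.com,True
"""

B2C_ISSUER = "contoso.onmicrosoft.com"  # placeholder tenant domain (assumption)


def build_b2c_users(export_csv, issuer=B2C_ISSUER):
    """Return (payloads, skipped); each payload is a body for POST /v1.0/users."""
    payloads, skipped, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        email = (row.get("mail") or "").strip().lower()
        if row.get("Enabled", "").strip().lower() != "true":
            skipped.append((email or row["Surname"], "disabled in AD"))
            continue
        if not email:
            skipped.append((row["Surname"], "no mail attribute"))
            continue
        if email in seen:  # sign-in names are compared case-insensitively here
            skipped.append((email, "duplicate sign-in name"))
            continue
        seen.add(email)
        payloads.append({
            "displayName": f'{row["GivenName"]} {row["Surname"]}'.strip(),
            "givenName": row["GivenName"],
            "surname": row["Surname"],
            "identities": [{"signInType": "emailAddress", "issuer": issuer,
                            "issuerAssignedId": email}],
            # Random throwaway password; the fixed suffix only guarantees mixed
            # character classes and is never shown to the user.
            "passwordProfile": {
                "password": secrets.token_urlsafe(24) + "aA1!",
                "forceChangePasswordNextSignIn": False,
            },
            "passwordPolicies": "DisablePasswordExpiration",
        })
    return payloads, skipped
```

Review the `skipped` list before posting anything: disabled, mail-less and duplicate accounts are the ones that otherwise end up as unowned or colliding identities in the new tenant.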

Azure AD B2C Change enumeration is not supported for requested tenant

I am trying to use an Azure AD Graph differential query or Microsoft Graph delta query to find changes in users within an Azure AD B2C tenant.
For example:
GET https://graph.microsoft.com/v1.0/users/delta
GET https://graph.windows.net/{tenantId}/users/?api-version=1.6&deltaLink=
Both result in:
Request_UnsupportedQuery
Change enumeration is not supported for requested tenant.
What is a supported tenant?
Differential query is an enterprise feature rather than a B2C one -- which is why it isn't available in an Azure AD B2C tenant.
Alternatively, you can access the audit logs in the Azure AD B2C tenant for the CRUD operations on users, using the Azure AD Reporting API.
It seems that they are not supported in Azure AD B2C. I can reproduce your issue; if I use it with a normal Azure AD tenant, it works fine.
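The audit-log alternative mentioned above, as an added example (not code from the original posts): it folds user-management audit events into a per-user change set plus a watermark for the next poll, which is roughly what a delta query would have returned. The records are constructed and carry only a subset of audit fields; the field names and activity names used are assumptions about the audit record shape.

```python
from datetime import datetime

# Audit activity names mapped to the change a sync consumer cares about.
ACTIONS = {"Add user": "created", "Update user": "updated", "Delete user": "deleted"}


def _rec(time, activity, target_id, result="success",
         category="UserManagement", target_type="User"):
    """Build one constructed record with a subset of audit fields."""
    return {"activityDateTime": f"2021-03-01T{time}:00Z", "category": category,
            "activityDisplayName": activity, "result": result,
            "targetResources": [{"id": target_id, "type": target_type}]}


SAMPLE_AUDITS = [  # constructed sample data, not real log output
    _rec("09:00", "Add user", "u-0"),
    _rec("10:00", "Add user", "u-1"),
    _rec("10:05", "Update user", "u-1"),
    _rec("10:10", "Update user", "u-2", result="failure"),
    _rec("10:20", "Delete user", "u-3"),
    _rec("10:30", "Update user", "u-0"),
    _rec("10:40", "Update application", "app-1",
         category="ApplicationManagement", target_type="Application"),
]


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def user_changes_since(audits, since):
    """Return ({user_id: change}, new_watermark) for events after `since`."""
    start = watermark = _ts(since)
    changes = {}
    for ev in sorted(audits, key=lambda e: _ts(e["activityDateTime"])):
        when = _ts(ev["activityDateTime"])
        if when <= start:
            continue  # already processed in an earlier poll
        watermark = max(watermark, when)
        action = ACTIONS.get(ev.get("activityDisplayName"))
        if (ev.get("category") != "UserManagement"
                or ev.get("result") != "success" or not action):
            continue  # failed attempts and non-user events change nothing
        for target in ev.get("targetResources", []):
            if target.get("type") != "User":
                continue
            if action == "updated" and changes.get(target["id"]) == "created":
                continue  # still a new object from the consumer's view
            changes[target["id"]] = action
    return changes, watermark.isoformat()
```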

Can we use AD-level features (like conditional access policy, device management, etc.) in Azure AD B2C?

Currently, we are using Azure AD B2C on one of our websites and we want to enable the conditional access policy for our users. I want to know whether we are able to use the conditional access policy and other AD features for Azure AD B2C users or not.
Currently, conditional access is an Azure AD Premium feature, so it isn't available for Azure AD B2C.

Azure AD B2C and Azure AD Connect

According to the Azure AD B2C FAQ:
Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
Azure AD Connect is not designed to work with Azure AD B2C...
Then why is it displayed here? And what can you do with Azure AD Connect and B2C then?
The displaying of that link implies there's a relationship between the two of them (to me at least).
The FAQ is correct in stating that Azure AD Connect is not supported with Azure AD B2C along with several other features of regular Azure AD.
These features show up in the Users and Groups blade because that blade was built primarily for regular Azure AD. There is work underway so that this blade understands it's running in the Azure AD B2C context and only shows applicable features.
Then why is it displayed here?
This is because when you want to manage users and groups in Azure AD B2C, you must use Azure AD to manage them. Azure AD B2C cannot leave Azure AD. When you are using Azure AD B2C, you would have used Azure AD to authenticate identity. As #Saca said, that blade was for Azure AD.
And what can you do with Azure AD Connect and B2C then?
That FAQ is right, but you can still use Azure Connect to sync on-premise users to Azure AD. You can also use the synced user accounts to log in to Azure AD B2C. But after syncing, the user name would be changed to .onmicrosoft.com.
If you still want to use your local account email address for the synced username, you can refer to this document and this official support article.
