{"id":1575,"date":"2015-11-02T11:55:56","date_gmt":"2015-11-02T17:55:56","guid":{"rendered":"https:\/\/www.identityblog.com\/?p=1575"},"modified":"2015-11-03T06:01:29","modified_gmt":"2015-11-03T12:01:29","slug":"introducing-microsoft-azure-active-directory-b2c","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1575","title":{"rendered":"Azure Active Directory B2C is now in public preview"},"content":{"rendered":"<p>For the last several years I&#8217;ve been working on a new technology and\u00a0capability that we are calling &#8220;<a href=\"https:\/\/azure.microsoft.com\/en-gb\/services\/active-directory-b2c\/\">Azure Active Directory B2C<\/a>.&#8221;\u00a0\u00a0 I&#8217;m delighted that I&#8217;m finally able to\u00a0tell you\u00a0about it, and share the ideas behind it.<\/p>\n<p>For me it is the next step in the journey to give individual consumers, enterprises and governments the identity systems they need in this period of\u00a0continuously more\u00a0digital interaction and increasing\u00a0threats\u00a0to our security and privacy.<\/p>\n<p>I don&#8217;t normally put official Microsoft\u00a0content on these pages, but given how\u00a0important the\u00a0B2C\u00a0initiative is, how closely I&#8217;ve been involved,\u00a0and how well it has been received, I\u00a0think it makes sense to show you Microsoft&#8217;s announcement about &#8220;B2C Basic&#8221;.\u00a0\u00a0It appeared on\u00a0the\u00a0<a href=\"https:\/\/blogs.technet.com\/b\/ad\/archive\/2015\/09\/09\/azure-ad-b2c-and-b2b-are-now-in-public-preview.aspx\">Azure Active Directory Blog<\/a>.\u00a0 Stuart Kwan\u00a0does a\u00a0great\u00a0job of introducing you to the product.<\/p>\n<p>I hope you&#8217;ll take a look at\u00a0his introduction. \u00a0I&#8217;ll be posting a number of pieces\u00a0which expand on it &#8211; exploring issues we faced, giving you the background on\u00a0the thinking behind the\u00a0architecture and implementation, and telling you about the &#8220;B2C Premium&#8221; offering that is coming soon. I think the combination of Basic&#8217;s accessibility and Premium&#8217;s feature completeness really offers\u00a0a new paradigm and\u00a0amazing opportunities\u00a0for everyone.<\/p>\n<div style=\"margin-left: 3em;\">\n<h2>Introducing Microsoft Azure Active Directory B2C<\/h2>\n<p><strong>By Stuart Kwan<\/strong><\/p>\n<p>With <strong>Azure Active Directory B2C<\/strong> we&#8217;re extending Azure AD to address consumer identity management for YOUR applications:<\/p>\n<div style=\"margin-left: 3em;\">\n<ul>\n<li><strong>Essential identity management for web, PC, and mobile apps:<\/strong> Support sign in to your application using popular social networks like Facebook or Google, or create accounts with usernames and passwords specifically for your application. Self-service password management and profile management are provided out of the box. Phone-based multi-factor authentication enables an extra measure of protection.<\/li>\n<li><strong>Highly customizable and under your control:<\/strong> Sign up and sign in experiences are in the critical path of the most important activities in your applications. B2C gives you a high degree of control over the look and feel of these experiences, while at the same time reducing the attack surface area of your application \u2013 you never have to handle a user&#8217;s password. Microsoft is completely under the covers and not visible to your end users. Your user data belongs to you, not Microsoft, and is under your control.<\/li>\n<li><strong>Proven scalability and availability:<\/strong> Whether you have hundreds of users or hundreds of millions of users, B2C is designed to handle your load, anywhere in the world. Azure AD is deployed in more than two dozen datacenters, and services hundreds of millions of users with billions of authentications per day. Our engineers monitor the service 24\/7.<\/li>\n<li><strong>Unique user protection features:<\/strong> Microsoft invests deeply in protection technology for our users. We have teams of domain experts that track the threat landscape. We&#8217;re constantly monitoring sign up and sign in activity to identify attacks and adapt our protection mechanisms. With B2C we&#8217;ll apply these anomaly, anti-fraud, and account compromise detection systems to your users.<\/li>\n<li><strong>Pay as you go:<\/strong> Azure Active Directory is a global service benefiting from tremendous economies of scale, allowing us to pass these savings along to you. We offer the B2C service on a consumption basis &#8211; you only pay for the resources that you use. Developers can take advantage of the free tier of the service when building their application.<\/li>\n<\/ul>\n<\/div>\n<p>B2C uses the same familiar programming model of Azure Active Directory. You can quickly and easily connect your application to B2C using industry standards OAuth 2.0 and OpenID Connect for authentication, and OData v3 for user management via our Graph API. Web app, web API, mobile and PC app scenarios are fully supported. The same open source libraries that are used with Azure Active Directory can be used with B2C to accelerate development.<\/p>\n<p>If you want, you can <a href=\"http:\/\/azure.microsoft.com\/trial\/get-started-aad-b2c\/\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">get started right now<\/span><\/span><\/a>! The rest of this post takes a look at how B2C works in detail.<\/p>\n<h2>How it works<\/h2>\n<p>The best way to describe B2C is to see it in action. Let&#8217;s look at an example. Our heroes, Proseware, have a consumer-facing web site. The site uses B2C for identity management. In this case that means sign in, and user self-service sign up, profile management, and password reset. Here&#8217;s the Proseware homepage:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca1.png\" alt=\" \" \/><\/p>\n<p>A new user would click <strong>sign up<\/strong> to create a new account. They have the choice of creating an account using Google, Facebook, or by creating a Proseware account:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca2.png\" alt=\" \" \/><\/p>\n<p>One quick note. The Microsoft button doesn&#8217;t work yet, but it will soon. It isn&#8217;t available at the start of the preview as we have more work to do in our <a href=\"https:\/\/blogs.technet.com\/b\/ad\/archive\/2015\/08\/12\/azure-ad-microsoft-account-preview-sign-in-personal-and-work-accounts-using-a-single-stack.aspx\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">converged programming model<\/span><\/span><\/a> before we enable this.<\/p>\n<p>What&#8217;s a Proseware account? As it turns out, there are many people out there who don&#8217;t always want to use a social account to sign in. You probably have your own personal decision tree for when you use your Facebook, Google, Microsoft or other social account to sign in, or when you create an account specifically for a site or app. In B2C a Proseware account is what we call a <strong>local account<\/strong>. It&#8217;s an account that gets created in the B2C tenant using an email address or a flat string as a username, and a password that is stored in the tenant. It&#8217;s local because it only works with apps registered in your B2C tenant. It can&#8217;t be used to sign in to Office 365, for example.<\/p>\n<p>If a person decides to sign up with a social account, B2C uses information from the social account to pre-fill the user object that will be created in the B2C tenant, and asks the user for any other attributes configured by the developer:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca3.png\" alt=\" \" \/><\/p>\n<p>Here we can see the user is also asked to enter a Membership Number and Offering Type. These are custom attributes the Proseware developer has added to the schema of the B2C tenant.<\/p>\n<p>If a person decides to sign up with a Proseware account, B2C gathers the attributes configured by the developer plus information needed to create a local account. In this case the developer has configured local accounts using email as username, so the person signing up is also asked to verify their email address:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca4.png\" alt=\" \" \/><\/p>\n<p>B2C takes care of verifying the person signing up has control of that email address before allowing them to proceed. Voila, the user is signed up and signed in to Proseware!<\/p>\n<p>You might ask yourself, how much code did I need to write to make this elaborate sign up screen? Actually, almost none. The sign up page is being rendered by Azure AD B2C, not by the Proseware application. I didn&#8217;t have to write any code at all for the logic on that page. I only had to write the HTML and CSS so the page rendered with a Proseware look and feel. The logic for verifying the user&#8217;s email address and everything else on the page is B2C code. All I had to do was send an OpenID Connect request to B2C requesting the user sign up flow. I&#8217;ll go into more detail on this later when I talk about how I wrote the app and configured the B2C tenant.<\/p>\n<p>Let&#8217;s look at a return visit. The user returns and clicks <strong>sign-in<\/strong>:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca5.jpg\" alt=\" \" \/><\/p>\n<p>If the user clicks one of the social network providers, B2C will direct the person to the provider to sign in. Upon their return B2C also picks up attributes stored in the directory and returns them to the app, signing the user in.<\/p>\n<p>If the user clicks the Proseware account button, they&#8217;ll see the local account sign in page, enter their name and password, and sign in:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca6.png\" alt=\" \" \/><\/p>\n<p>That&#8217;s it! Now I&#8217;ll show you how I built this example.<\/p>\n<h2>Configuring Azure AD B2C<\/h2>\n<p>Step one was to get an Azure AD B2C tenant. You can do this by going to the Azure AD section of the Azure management portal and creating a B2C tenant (for a shortcut, see the <a href=\"http:\/\/azure.microsoft.com\/trial\/get-started-aad-b2c\/\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">B2C getting started page<\/span><\/span><\/a>). B2C tenants are a little different from regular Azure AD tenants. For example, in a regular tenant, by default users can see each other in the address book. That&#8217;s what you&#8217;d expect in a company or school \u2013 people can look each other up. In a B2C tenant, by default users cannot see each other in the address book. That&#8217;s what you&#8217;d expect \u2013 your consumer users shouldn&#8217;t be able to browse each other!<\/p>\n<p>Once you have a B2C tenant, you register applications in the tenant and configure <strong>policies<\/strong> which drive the behavior of sign in, sign up, and other user experiences. Policies are the secret sauce of Azure AD B2C. To configure these policies, you jump through a link to the new Azure management portal:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca7.png\" alt=\" \" \/><\/p>\n<p>This is also the place where you find controls for setting up applications, social network providers, and custom attributes. I&#8217;m going to focus on sign up policy for this example. Here&#8217;s the list of sign up policies in the tenant. You can create more than one, each driving different behavior:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca8.png\" alt=\" \" \/><\/p>\n<p>For the Proseware example I created the <strong>B2C_1_StandardSignUp<\/strong> policy. This policy allows a user to sign up using Facebook, Google, or email-named local accounts:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca9.png\" alt=\" \" \/><\/p>\n<p>In sign up attributes I indicated what attributes should be gathered from the user during sign up. The list includes custom attributes I created earlier, Membership Number and Offering Type:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca10.png\" alt=\" \" \/><\/p>\n<p>When a user completes sign up they are automatically signed in to the application. Using Application Claims I select what attributes I want to send to the application from the directory at that moment:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca11.png\" alt=\" \" \/><\/p>\n<p>I&#8217;m not using multifactor authentication in this example, but if I did it&#8217;s just a simple on\/off switch. During sign up the user would be prompted to enter their phone number and we would verify it in that moment.<\/p>\n<p>Finally, I configured user experience customizations. You might have noticed that the sign up and sign-in experiences have a Proseware look and feel, and there isn&#8217;t much if any visual evidence of Microsoft or Azure AD. We know that for you to build compelling consumer-facing experiences you have to have as much control as possible over look and feel, so B2C is very customizable even in this initial preview. We do this by enabling you to specify HTML and CSS for the pages rendered by B2C. Here&#8217;s what the sign up page would look like with the default look and feel:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca12.png\" alt=\" \" \/><\/p>\n<p>But if I configure a B2C with a URL to a web page I created with Proseware-specific look and feel:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca13.png\" alt=\" \" \/><\/p>\n<p>Then the sign up experience looks like this:<\/p>\n<p><img src=\"https:\/\/www.identityblog.com\/wp-content\/images\/2015\/11\/091715_0049_AzureADB2Ca14.png\" alt=\" \" \/><\/p>\n<p>You can probably imagine a number of different approaches for this kind of customization. We&#8217;re partial to this approach, as opposed to say an API-based approach, because it means our servers are responsible for correct handling of things like passwords, and our protection systems can gather the maximum signal from the client for anomaly detection. In an API-based approach, your app would need to gather and handle passwords, and some amount of valuable signal would be lost.<\/p>\n<p>One quick side note. In the initial preview it is possible to do HTML\/CSS customization of all the pages except the local account sign in page. That page currently supports Azure AD tenant-branding style customization. We&#8217;ll be adding the HTML\/CSS customization of the sign in page before GA. Also, we currently block the use of JavaScript for customization, but we expect to enable this later.<\/p>\n<p>That&#8217;s a quick look at how I set up a sign up policy. Configuring other policies like sign in and profile management is very similar. As I mentioned earlier, you can create as many policies as you want, so you can trigger different behaviors even within the same app. How to do that? By requesting a specific policy at runtime! Let&#8217;s look at the code.<\/p>\n<h2>Building an app that uses B2C<\/h2>\n<p>The programming model for Azure AD B2C is super simple. Every request you send to B2C is an OAuth 2.0 or OpenID Connect request with one additional parameter, the policy parameter &#8220;p=&#8221;. This instructs B2C which policy you want to apply to the request. When someone clicks the sign up button on the Proseware web app, the app sends this OpenID Connect sign-in request:<\/p>\n<p>GET \/prosewareb2c.onmicrosoft.com\/oauth2\/v2.0\/authorize?<br \/>\nresponse_type=id_token&amp;<br \/>\nclient_id=9bdade37-a70b-4eee-ae7a-b38e2c8a1416&amp;<br \/>\nredirect_uri=https:\/\/proseware.skwantoso.com\/auth\/openid\/return&amp;<br \/>\nresponse_mode=form_post&amp;<br \/>\nnonce= WzRMD9LC95HeHvDz&amp;<br \/>\nscope=openid&amp;<br \/>\np=b2c_1_standardsignup<br \/>\nHTTP\/1.1<\/p>\n<p>The policy parameter in this example invokes the sign up policy called b2c_1_standardsignup. The OpenID Connect response contains an id_token as usual, carrying the claims I configured in the policy:<\/p>\n<p>POST <a href=\"https:\/\/proseware.skwantoso.com\/auth\/openid\/return\" class=\"broken_link\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">https:\/\/proseware.skwantoso.com\/auth\/openid\/return HTTP\/1.1<\/span><\/span><\/a><\/p>\n<p>id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IklkVG9rZW5TaWduaW5nS2V5Q29udGFpbmVyIn0.eyJleHAiOjE0NDIxMjc2OTYsIm5iZiI6MTQ0MjEyNDA5NiwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2Q3YzM3N2RiLWY2MDktNDFmMy1iZTA5LTJiNzNkZWZkNDhhMC92Mi4wLyIsImFjciI6ImIyY18xX3N0YW5kYXJkc2lnbnVwIiwic3ViIjoiTm90IHN1cHBvcnRlZCBjdXJyZW50bHkuIFVzZSBvaWQgY2xhaW0uIiwiYXVkIjoiOWJkYWRlMzctYTcwYi00ZWVlLWFlN2EtYjM4ZTJjOGExNDE2Iiwibm9uY2UiOiJXelJNRDlMQzk1SGVIdkR6IiwiaWF0IjoxNDQyMTI0MDk2LCJhdXRoX3RpbWUiOjE0NDIxMjQwOTYsIm9pZCI6IjJjNzVkMWQ1LTU5YWYtNDc5Yi1hOWMzLWQ4NDFmZjI5ODIxNiIsImVtYWlscyI6WyJza3dhbkBtaWNyb3NvZnQuY29tIl0sImlkcCI6ImxvY2FsQWNjb3VudEF1dGhlbnRpY2F0aW9uIiwibmFtZSI6IlN0dWFydCBLd2FuIiwiZXh0ZW5zaW9uX01lbWJlcnNoaXBOdW1iZXIiOiIxMjM0IiwiZXh0ZW5zaW9uX09mZmVyaW5nVHlwZSI6IjEifQ.cinNfuoMCU4A2ZeeHBKLxAuc8B7UPKwd9sKngxQO8jy19ky3cAHhTJljO0KL7oQ1P5yMFQYs9i4hAun3mmL5hPyC3N7skjU9R0rYl91Ekk7QTlrYgDpGDp5uCF7eA-iWQr0Bmw8oUTYGpjrKfuQP2x8DFxiGgmFqkqz0a20-oy1R6Qr9PaSzr2r8KtjplPX97ADerKIBpdTeLRPmKILWqEDKzoG-bU40LULvPRdvA4yh4nlhRhn4CNUmjZfMWnBcCR3I6jBPl2M3qHQ10DoNXNe2qzL8GalzuMYNnG92OrUppZ5hmXRUXW9yrIRRzDGcERfRyrbyFuYPfu1JJBSTCA<\/p>\n<p>Decoding the id_token from the response yields:<\/p>\n<p>{<br \/>\ntyp: &#8220;JWT&#8221;,<br \/>\nalg: &#8220;RS256&#8221;,<br \/>\nkid: &#8220;IdTokenSigningKeyContainer&#8221;<br \/>\n}.<br \/>\n{<br \/>\nexp: 1442127696,<br \/>\nnbf: 1442124096,<br \/>\nver: &#8220;1.0&#8221;,<br \/>\niss: &#8220;https:\/\/login.microsoftonline.com\/d7c377db-f609-41f3-be09-2b73defd48a0\/v2.0\/&#8221;,<br \/>\nacr: &#8220;b2c_1_standardsignup&#8221;,<br \/>\nsub: &#8220;Not supported currently. Use oid claim.&#8221;,<br \/>\naud: &#8220;9bdade37-a70b-4eee-ae7a-b38e2c8a1416&#8221;,<br \/>\nnonce: &#8220;WzRMD9LC95HeHvDz&#8221;,<br \/>\niat: 1442124096,<br \/>\nauth_time: 1442124096,<br \/>\noid: &#8220;2c75d1d5-59af-479b-a9c3-d841ff298216&#8221;,<br \/>\nemails: [<br \/>\n<a href=\"mailto:skwan@microsoft.com\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">skwan@microsoft.com<\/span><\/span><\/a><br \/>\n],<br \/>\nidp: &#8220;localAccountAuthentication&#8221;,<br \/>\nname: &#8220;Stuart Kwan&#8221;,<br \/>\nextension_MembershipNumber: &#8220;1234&#8221;,<br \/>\nextension_OfferingType: &#8220;1&#8221;<br \/>\n}<\/p>\n<p>Here you can see the usual claims returned by Azure Active Directory and also a few more. The custom attributes I added to the directory and requested of the user during sign up are returned in the token as extension_MembershipNumber and extension_OfferingType. You can also see the name of the policy that generated this token in the acr claim. By the way, we are in the process of taking feedback on claim type names and aligning ourselves better with the standard claim types in the OpenID Connect 1.0 specification. You should expect things to change here during the preview.<\/p>\n<p>Since Azure AD B2C is in fact, Azure AD, it has the same programming model as Azure AD. Which means full support for web app, web API, mobile and PC app scenarios. Data in the directory is managed with the REST Graph API, so you can create, read, update, and delete objects the same way you can in a regular tenant. And this is super important \u2013 you can pick and choose what features and policies you want to use. If you want to build the user sign up process entirely yourself and manage users via the Graph API, you can absolutely do so.<\/p>\n<p>B2C conforms to Azure AD&#8217;s next generation app model, the v2 app model. To build your application you can make protocol calls directly, or you can use the latest Azure Active Directory libraries that support v2. To find out more visit the <a href=\"https:\/\/azure.microsoft.com\/documentation\/articles\/active-directory-b2c-overview\/\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">B2C section of the Azure AD developer guide<\/span><\/span><\/a> \u2013 we&#8217;ve got quickstart samples, libraries, and reference documentation waiting for you. Just for fun, I built the Proseware example using Node.js on an Ubuntu Linux virtual machine running on Microsoft Azure (shout out to @brandwe for helping me with the code!).<\/p>\n<h2>How much will it cost?<\/h2>\n<p>B2C will be charged on a consumption basis. You pay only for the resources you use. There will be three meters, billed monthly:<\/p>\n<ol>\n<li>Number of user accounts in the directory<\/li>\n<li>Number of authentications<\/li>\n<li>Number of multi-factor authentications<\/li>\n<\/ol>\n<p>An authentication is defined as any time an application requests a token for a resource and successfully receives that token (we won&#8217;t charge for unsuccessful requests). When you consider the OAuth 2.0 protocol, this counts as when a user signs in with a local account or social account, and also when an application uses a refresh token to get a new access token.<\/p>\n<p>You can find the B2C pricing tiers on the <a href=\"http:\/\/azure.microsoft.com\/pricing\/details\/active-directory-b2c\/\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">Azure.com pricing page<\/span><\/span><\/a>. There will be a free tier for developers who are experimenting with the service. The current B2C preview is free of charge and preview tenants are capped at 50,000 users. We can raise that cap for you on a case by case basis if you <a href=\"mailto:aadb2cpreview@microsoft.com\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">contact us<\/span><\/span><\/a>. We&#8217;ll lift the cap when billing is turned on. Do you have hundreds of millions of users? No problem. Bring &#8217;em on!<\/p>\n<h2>What&#8217;s next<\/h2>\n<p>We&#8217;ve already worked with many developers to build apps using Azure AD B2C as part of a private preview program. Along the way we&#8217;ve gathered a healthy backlog of features:<\/p>\n<ol>\n<li>Full UX customization: Not just the aforementioned HTML\/CSS customization of the local account sign in page, but also the ability to have your URL appear in the browser for every page rendered by B2C. That will remove the last visible remnant of Microsoft from the UX.<\/li>\n<li>Localization: Of course you have users all over the world speaking many languages. Sign in, sign up, and other pages need to render appropriately using strings you provide in the languages you want to support.<\/li>\n<li>Token lifetime control: The ability to control the lifetimes of Access Tokens, ID Tokens and Refresh Tokens is important both for user experience and for you to tune your consumption rate.<\/li>\n<li>A hook at the end of sign up: A number of people have said they want the ability to check a user who is signing up against a record in a different system. A little hook at the end of sign up would allow them to do this, so we&#8217;re considering it.<\/li>\n<li>Support for more social networks.<\/li>\n<li>Support for custom identity providers: This would be the ability to, say, add an arbitrary SAML or OpenID Connect identity provider to the tenant.<\/li>\n<li>A variety of predefined reports: So that you can review the activity in your tenant at a glance and without having to write code to call an audit log API.<\/li>\n<li>And more, this is just a fraction of the list\u2026<\/li>\n<\/ol>\n<p>You can track our progress by following the What&#8217;s New topic in the B2C section of the Azure AD developer guide, which you can find in the <a href=\"http:\/\/azure.microsoft.com\/documentation\/services\/active-directory-b2c\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">documentation pages<\/span><\/span><\/a> and also by following this blog.<\/p>\n<p>By the way, the proper name of this preview is the Azure Active Directory B2C <strong>Basic<\/strong> preview. We&#8217;re planning a Premium offering as well, with features that take policies to the next level. But that&#8217;s for another blog post!<\/p>\n<h2>Please write us<\/h2>\n<p>We&#8217;re eager to hear your feedback! We monitor <a href=\"http:\/\/stackoverflow.com\/questions\/tagged\/azure-active-directory\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">stackoverflow<\/span><\/span><\/a> (tag: azure-active-directory) for development questions. If you have a feature suggestion, please post it in the <a href=\"http:\/\/feedback.azure.com\/forums\/169401-azure-active-directory\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">Azure Active Directory User Voice<\/span><\/span><\/a> site and put &#8220;AADB2C:&#8221; in the title of your suggestion.<\/p>\n<p>Stuart Kwan (Twitter: <a href=\"https:\/\/twitter.com\/StuartKwan\"><span style=\"text-decoration: underline;\"><span style=\"color: #0066cc;\">@stuartkwan<\/span><\/span><\/a>)<br \/>\nPrincipal Program Manager<br \/>\nAzure Active Directory<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>For the last several years I&#8217;ve been working on a new technology and\u00a0capability that we are calling &#8220;Azure Active Directory B2C.&#8221;\u00a0\u00a0 I&#8217;m delighted that I&#8217;m finally able to\u00a0tell you\u00a0about it, and share the ideas behind it. For me it is the next step in the journey to give individual consumers, enterprises and governments the identity &hellip; <a href=\"https:\/\/www.identityblog.com\/?p=1575\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Azure Active Directory B2C is now in public preview<\/span><\/a><\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[12,37,6,86,8],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1575"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1575"}],"version-history":[{"count":13,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1575\/revisions"}],"predecessor-version":[{"id":1588,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1575\/revisions\/1588"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}