Irrespective of the services an organization offers, it has to keep customer data secure.
From the millions of customers served by an online retailer, to the thousands of students at a university, or the millions who apply for visas or passports, all these organizations have several things in common. Their customers have an account with the organization, with (probably) a password, and a way of resetting it when they forget it. They have a number of darker things in common, too: the accounts they host are a target for attackers who plan either to misuse the accounts directly or to use them as an intermediate step to accessing more interesting, higher-privileged accounts.
Organizations have to consider the risks of hosting personal accounts (with their sensitive personal information and passwords), and mitigate them. A number of high-profile attacks have shown that even top-tier organizations are vulnerable, and that’s not very surprising – why should an organization which is a leader in, say, online retailing or higher education, also have to be world-class in IT security?
One answer is to outsource the problem. Microsoft runs one of the world’s largest systems for managing consumer identities, with assets like Xbox Live, Hotmail and Skype, all exposed permanently to the public internet. They are built to withstand constant attacks, and are protected by both human and machine-learning agents that detect and respond to these attacks.
With the B2C functionality in Azure Active Directory, Microsoft makes it possible for organizations to outsource the storage of their consumer accounts, and the workflows involved, such as account creation, password reset and multi-factor authentication. Account storage is achieved by creating a B2C tenant – the experience and permissions for a user account in a B2C tenant are different from the experience of a ‘normal’ user – they have no rights to browse the directory, for example.
The user experience is seamless – the user is redirected to a branded and CSS-styled series of pages for account management which will appear to be hosted by the retailer or university, while in fact being hosted on Microsoft’s Azure Active Directory platform. The advanced Policy Engine allows the user’s experience to be made more relevant by the application of specific policies based on, for example, the age of the user – children may receive extra steps to gather parental permission.
The B2C tenant is also accessible via the Graph API, so if a developer wants to take matters into their own hands and code their own user experience, the data held in the B2C tenant are easily available to them to read and write.
Microsoft B2C solution is in Public Preview
The Microsoft B2C solution is in Public Preview now. For up to 50,000 customer accounts and up to 50,000 authentications per month it is free – for other pricing see here.
This is just one more example of how Microsoft’s cloud is offering new solutions to real problems, as opposed to simply shifting old solutions to a hosted environment. For more information about this and other identity and mobility solutions contact us.
In December 2015 we hosted a webinar, with presentations from Microsoft Program Managers Arvind Suthar and Devindra Chainai, about both B2B and B2C solutions with Microsoft Azure Active Directory, which we recorded.