Using Microsoft Entra (Azure) B2B integration

Sophos ZTNA integrates with Microsoft Entra (Azure) B2B (Business to Business) to provide an easy way to manage guest users and user groups and control their access to your apps.

Here are some of the features that Microsoft Entra (Azure) B2B integration offers.

Main features

If you follow the steps in this guide, you'll have these features.

External identities

You can use Microsoft Entra ID (Azure AD) to give access to users outside the organization.

Guest users don't need credentials within the main organization to access apps. Microsoft Entra ID (Azure AD) supports email IDs from Gmail, Yahoo, and others.

Authentication

Microsoft Entra ID (Azure AD) handles the complete authentication process. Neither your organization nor the guest users need to do anything.

Guest groups always up to date

If you've set up ZTNA as described in Setup, any change you make in your user groups in Microsoft Entra ID (Azure AD) is synchronized automatically with Sophos ZTNA. This ensures that guest users don't retain their access after you remove them.

Advanced features

Microsoft Entra (Azure) B2B integrations offer advanced features for more flexible access control. Follow our links to the Microsoft Entra (Azure) documentation to find out more.

Multi-factor authentication

Microsoft Entra ID (Azure AD) supports multi-factor authentication (MFA). The following types of MFA are available.

  • Microsoft Authenticator app
  • Windows Hello for Business
  • OATH token (hardware and software)
  • FIDO2 security key
  • Voice call
  • SMS

See Secure user sign-in events with Microsoft Entra ID (Azure AD) Multi-Factor Authentication.

Self-service sign-up

You can create a self-service sign-up user flow for external users. You can use APIs to set it up.

See Self-service sign-up.

Independent access control

Using Microsoft Entra ID (Azure AD) helps app owners and group owners to manage access independently. They can add users for their own app without giving access to other apps in the organization.

See How users in your organization can invite guest users to an app.