Welcome to Microsoft Mechanics. Coming up on the show: if you struggle with identity management and the user sign-in experience for your consumer applications and websites, today we’re going to take a closer look at Azure AD B2C, a new service to help you reliably and securely maintain your user account of the B2C applications. We’ll show you the tech behind the scenes that makes it all possible and how you can quickly connect your existing web and mobile apps and allow users to sign in with social network accounts and configure the service to scale your app to reach millions of consumers globally.

Microsoft Mechanics

I’m joined by Alex Simons, whose team has been working on this new service. Alex, what’s the main premise of the new Azure AD B2C service?

So Simon, what we’re doing with Azure AD B2C is we’re letting you as an app developer use the underpinning infrastructure we’ve built up for our cloud-scale services, right? The security, the worldwide availability, the high-availability designs, and use those as the underpinnings for your own identity management system for your consumer applications.

So Alex, can you show us this in action?

Yeah sure, let’s go ahead and take a look at a demo. OK, so this, as you can see here, is a Proseware app. Now this is just fictional, but it’s showing you what the service will look like when we use it, right?

OK.

So I’m going to go ahead and sign up for the Proseware service. And I do that by just clicking, and you can see here I can log in with a Google account or my Facebook account, but I want to get a new Proseware account, so I’m going to click on that, and then the first thing you’ll see is I can fill in my email address here to verify that I actually own this e-mail address, right?
So I put in my account, I put in my information and I ask for a verification code, and then I’m just gonna go over to my email here, get that verification code, and this is a nice way to prove that, yeah, I own the account. And all of this is done with no coding, right, if you’re a developer, this whole flow. In fact you can see here I’ve got the email, it’s been branded with my site, all that is taken care of for me. Now I just take this code, I put it back into the service, and now you as an app developer know, hey, that’s been verified. Let’s take a look here. I’m going to put the verification code in. I’m going to verify my code, and then I’m going to do all the standard things you would expect: I’m gonna choose a password, make sure I have a display name, and then you can see here I’ve got some custom fields, like my membership number is custom and offering type is custom as well. And then I’m gonna click the button and that’s gonna go ahead and create my account for me, and then this just hands back to my application. Now what’s cool about all this is all of that happened inside the Azure AD service. I didn’t have to write any of that code as a developer; we took care of it all for you, and you just get back a token and then use the token to do whatever you want.

So that’s pretty cool. What’s actually happening behind the scenes in order to make all of these things come together?

Yeah, that’s a great question. So if I was building an app normally, what I’d do is I’d have my web app and I’d put a database on premise and I put usernames and passwords in the database, but the whole premise behind Azure AD B2C is that now I can take and I can move that data store up into the cloud in Azure Active Directory. So this has a bunch of benefits to it, right? So the first thing is that I can go ahead and I can easily connect it up to Facebook, Google and Microsoft account, and the service does all that work for you.
You don’t have to know how to connect to those, and then if those services ever change in a way that might break your application, well, we’ll take care of that and just keep it working for you. So that’s a pretty nice benefit. The second thing is that we take all of the data and we spread it around our data centers all around the world, right? So no matter where our customer’s logging in from, they get a nice high-speed experience because it’s local, right? And close. But in addition it’s distributed, right? We’ve got copies of your data all around the world. So even if a datacenter burns down we can just reroute traffic to another data center and make sure that your login service is always up and running. That’s really very powerful as well and would be very expensive for you to do yourself.

Yeah, that’s pretty cool. What are we doing from a security angle, for people who are going to want to have this information very secure?

Well, that’s a great question too. You know, today there’s a lot of hacking going on; people are constantly trying to get in and get the usernames and passwords and things out of one of these services. So the first thing we do is we offer a multi-factor authentication service, right? So every time the user logs in you can prove, well, it is the user who you originally thought it was. So that’s a nice addition, right? But even more important than that, we’re taking care of all of the patching of the service, we’re taking care to make sure that the user names and passwords are appropriately protected with encryption and hashes and things like that.
Plus we have a really amazing machine learning service that’s watching all of the authentications across Azure Active Directory, across your application, across the Microsoft account system, taking all of that data, billions of authentications every day, and using machine learning to detect unusual behavior: so hackers coming in from weird places, unusual usage patterns, people logging into accounts at times of day they usually don’t, things like that. We can all see it in our machine learning system and then automatically block those anomalous behaviours so you don’t have to worry about hackers getting into your application.

Wow, that’s pretty amazing. What about if I didn’t want to use all of the social services? Say I just want to use Google and Microsoft but I didn’t want to use Facebook. Do we have that flexibility?

Yeah, well, let me show you a demo of how you set this up. It’s really easy.

OK, cool.

So we’re going to go into the Azure AD console and you can see I’m gonna go into my tenant, let me go ahead and show you. I’m going into my tenant and you can see here I’ve got this set up for a bunch of apps, but my first app here we’re talking about is Proseware. I click on the Proseware; now I can pick which identity providers I want. You can see here I’ve got Facebook and Google selected, but don’t have to use those, I just have chosen to in this case. I can also set the attributes I want, so for instance you can see here these are all kind of standard attributes, but I’ve also added custom ones like membership number and offering type that we saw in the sign-in page, right?
So that’s pretty cool too, and then the magic though really of the service is what we call policies. And so here I’ve got my standard sign-up policy. What a policy is, it’s a flow that dictates how my application is gonna handle different identity tasks. So for instance I use a policy to set up things like: which set of attributes do I want to collect, which identity providers do I want to use, what do I want to get back in the token, and how do I want the whole flow to work, right? And all that’s done through metadata, so you don’t have to write any code as a developer to do it. So here, let me show you how that works. OK, so I’ve got my standard policy here. The first thing I do is, you can see here I’ve picked the identity providers I want to use: Google, Facebook and email. Then I’ve gone ahead and I’ve set up which set of attributes I want to use to collect from the user, and then finally in here I’m gonna set which set of attributes are gonna get passed to me as claims in my token. So that now, so this is nice too because now when I get back a token it’s gonna have all the things I need to really make a custom experience for the user.

Yeah, it’s very cool.

Now the next thing I’m gonna do here is I can go into the multifactor authentication and decide if I want to use that or not. So that’s pretty cool. In this case I’m not going to use it. And then finally I can specify how I want the user experience to look like, and I want mine to be highly customized, so first I’m going to specify what I want to call all the different fields, and you can see here I can even specify where the HTML and the CSS that we’re going to use to render this page for you, right? So it’s gonna look just like your service; it’s not gonna look like a Microsoft service, ’cause you’ve provided us the whole layout and what everything looks like. We’re just gonna render it for you, put all the fields on and make sure the flow you’ve called in a policy works.

That’s pretty cool. So all my corporate branding on that, all of my
application is going to look exactly as I expect. What about if I’m building not maybe a web application but I’m building something for iOS or Android, have we got folks covered on that one?

So we get a lot of asks for that, right? ’Cause everybody wants to build a cool app for iOS or Android. The good news is that Azure Active Directory is all based on open protocols and open standards, right? So all these different platforms you might wanna try to write an app for can easily connect to Azure AD. But in addition to just having open protocols and standards, we also have open source libraries, right? So if you want to get in and make changes or fork or do things for your particular app, you can do that. Here, let me show you on the Azure site. You can see here, here’s the Getting Started page; this gives you links to all those links, but you can also see here on GitHub, here’s my iOS libraries, my Node.js libraries, or if you’re the kind of guy who just wants to write to the protocols, we even give you the standards here for how to go and use these examples to write to the protocol.

That’s pretty incredible. I mean, the fact that it’s all built on open standards must mean that there are some folks out there that have already implemented this inside of their application. Have we got any really good examples?

So one of the most exciting ones is Real Madrid. You know, they’re one of the most popular football clubs in the whole world and they’re using Azure AD B2C to power their iOS, Android and Windows Phone apps. So let me show you on this iPhone here. I’ve loaded the Real Madrid app, yeah, and I’m not registered as a fan yet, so what I do is I click on “I’m not registered yet”. This goes out, uses the Microsoft system, right, so Azure AD B2C right here, and you can see I can sign up with Google, Facebook or my email, and I just click through and that’s gonna start using the service. But you can see this whole thing just looks like the Real Madrid application, right? But it’s all powered with your Azure Active
Directory B2C.

That’s pretty awesome that they’ve actually been able to build that in so quickly. Presumably very few lines of code they actually needed?

Yeah, super fast integrate, right? Almost no code, because all of it’s done in the policies like we were talking about. On the service we take care of all the complexity for you.

That’s nice. So say, what kind of things are you guys actually going to be adding next into the service?

Yeah, this is the first preview that’s live right now. There’s a lot more work to do, so we’re gonna add additional identity providers, more security capabilities, a lot more tools, including tools that let you migrate from an existing store using a database on premise up into Azure Active Directory so you can easily get started.

So when is Azure AD B2C gonna be available to folks?

It’s available in preview right now, but we expect to turn it on into GA in Q1. But you can get started already, don’t have to wait. In fact the first 50,000 users you want to store and the first 50,000 authentications that you use every month, those are free.

That’s pretty cool.

OK, so we want you to be giving us feedback on the product; that does make the service much, much better.

That’s all we have time for now on Microsoft Mechanics. Don’t forget to follow every Wednesday so you can find out what’s happening, or as news breaks. Thank you very much for watching Microsoft Mechanics.

www.microsoft.com/mechanics