Microsoft Azure B2B (Business to Business) collaboration provides companies with collaboration capabilities that enable any organization using Azure AD to work safely and securely with users from other organizations that also use Azure AD. For more information about Microsoft Azure B2B, see the “What is Azure Active Directory B2B collaboration” page.
When it comes to inviting users from other tenants into an Azure AD, there are various options. Each of these options has specific benefits and some limitations. Options include:
- AzureAD PowerShell Module
- New-AzureADMSInvitation
- Microsoft Graph API Management Agent for MIM
- Microsoft Azure Portal
If a customer decides to use MIM 2016 as the synchronization method, there are two options:
- the Microsoft Graph API Management Agent
- a custom PowerShell Management Agent
The choice between the two is driven largely by the usage scenario. If a customer simply wants to invite users into the tenant to share resources, the Microsoft Graph API Management Agent is a great option since it offers the ability to do delta operations. The Graph API MA, however, has specific limitations regarding the attribute set it can manipulate (e.g. proxyAddresses cannot be written, since it is an Exchange Online attribute, even though it can be imported via the Graph API).
I recently worked on a project where one of the core business scenarios was to enable a cross-tenant Global Address List (GAL) based on the B2B guest users in each Azure AD tenant. In order to manage all the different proxyAddresses (and other attributes), the solution had to integrate with both Azure AD and Microsoft Exchange Online. As such, the choice was made to sacrifice delta functionality (since the PowerShell module does not support delta imports) and to use a custom PowerShell management agent that integrates both the Azure AD and Microsoft Exchange Online endpoints.
Granfeldt PowerShell MA for Azure B2B
The complete PowerShell MA is available on GitHub and is based on the Granfeldt PowerShell MA framework (available here). The management agent supports various configuration options, which are controlled by the included settings file. Options include:
| Configuration Name | Configuration Description |
|---|---|
| connection-exchangeOnlineURI | Provides a value to store the Exchange Online PowerShell URI |
| logging-loggingEnabled | Enables or disables logging to the PowerShell error stream and to local files (note that this is a single unified log file for diagnostic purposes only) |
| logging-loggingVerbose | Enables or disables debug logging (standard info logging is controlled by loggingEnabled) |
| logging-filePath | Provides a path for log files |
| logging-fileNameImport | Single file target for import run profile logging |
| logging-fileNameExport | Single file target for export run profile logging |
| logging-fileNamePassword | Single file target for password sync transaction logging |
| import-userFilterType | Sets which Azure AD UserTypes should be imported; values include “all”, “guest”, “member” |
| import-userFilterManager | Sets whether Get-AzureADUserManager should be run on each user (disabled by default since this adds significant time to the import) |
| import-userFilterRestrictImmutableId | Controls whether users with an empty ImmutableId should be ignored |
| import-userFilterHiddenFromAddressLists | Controls whether Get-MailUser should be executed on all guests to confirm Exchange Online GAL visibility |
| import-userFilterPhoto | Controls whether Get-AzureADUserThumbnail is executed on all imported users (not implemented at the moment) |
| import-userThumbnailPath | Sets a path to store user thumbnails on the local filesystem |
| export-inviteEmailSending | Controls whether an Azure AD B2B email invite should be sent to new users |
| export-inviteRedirectionURL | Provides a URL to redirect users to after redemption of the Azure AD B2B invite |
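To show how the import filters and export invite options above map onto the AzureAD and Exchange Online cmdlets, here is an added example (not code from the MA on GitHub). It assumes the settings are loaded into a hashtable keyed by the names in the table; the real MA's settings file format and function names are not reproduced.

```powershell
# Added example: applies the import filters and export invite options from the
# settings table. Assumption (not from the MA): settings live in a hashtable.
$Settings = @{
    'import-userFilterType'                   = 'guest'   # all | guest | member
    'import-userFilterRestrictImmutableId'    = $true     # skip users with an empty ImmutableId
    'import-userFilterHiddenFromAddressLists' = $true     # confirm GAL visibility via Get-MailUser
    'export-inviteEmailSending'               = $false    # do not send the B2B invitation mail
    'export-inviteRedirectionURL'             = 'https://myapps.microsoft.com'
}

function Select-ImportUser {
    # Filters Get-AzureADUser output the way the import-* settings describe
    param([Parameter(ValueFromPipeline)]$User, [hashtable]$Settings)
    process {
        $type = $Settings['import-userFilterType']
        if ($type -ne 'all' -and $User.UserType -ne $type) { return }   # -ne is case-insensitive
        if ($Settings['import-userFilterRestrictImmutableId'] -and
            [string]::IsNullOrEmpty($User.ImmutableId)) { return }
        if ($Settings['import-userFilterHiddenFromAddressLists'] -and $User.UserType -eq 'Guest') {
            # Requires an Exchange Online session (Connect-ExchangeOnline / Import-PSSession)
            $mu = Get-MailUser -Identity $User.UserPrincipalName -ErrorAction SilentlyContinue
            if ($null -eq $mu -or $mu.HiddenFromAddressListsEnabled) { return }
        }
        $User
    }
}

function New-B2BGuestInvitation {
    # Sends the B2B invite with the configured redirect URL and mail setting
    param([string]$EmailAddress, [string]$DisplayName, [hashtable]$Settings)
    # Requires Connect-AzureAD with an account permitted to invite guests
    $params = @{
        InvitedUserEmailAddress = $EmailAddress
        InvitedUserDisplayName  = $DisplayName
        InviteRedirectUrl       = $Settings['export-inviteRedirectionURL']
        SendInvitationMessage   = [bool]$Settings['export-inviteEmailSending']
    }
    New-AzureADMSInvitation @params
}

# Import: only guests with an ImmutableId that are visible in the Exchange Online GAL
$users = Get-AzureADUser -All $true | Select-ImportUser -Settings $Settings
# Export: invite a new guest (constructed sample address) using the configured options
New-B2BGuestInvitation -EmailAddress 'partner.user@example.com' -DisplayName 'Partner User' -Settings $Settings
```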
Source Available on GitHub
There are still many things that I would like to update and tweak in the implementation, but hopefully this will come in due course. In the meantime, if this is valuable to someone, or anyone wishes to contribute something, the project on GitHub is the place to visit.