faq-customers.md

title	Frequently asked questions
description	Find answers to frequently asked questions about Microsoft Entra External ID. Learn about pricing, features, and the future of Azure AD B2C and External Identities.
ms.topic	faq
ms.date	01/06/2026
ms.custom	it-pro

Microsoft Entra External ID frequently asked questions

This article answers frequently asked questions about Microsoft Entra External ID. It offers guidance to help customers better understand Microsoft’s current external identities capabilities and the journey for our next generation platform (Microsoft Entra External ID).

This FAQ references customer identity and access management (CIAM). CIAM is an industry recognized category that covers solutions that manage identity, authentication, and authorization for external identity use cases (partners, customers, and citizens). Common functionality includes self-service capabilities, adaptive access, single sign-on (SSO), and bring your own identity (BYOI).

External ID pricing

How is External ID billed?

Microsoft Entra External ID pricing is based on monthly active users (MAU), which is the count of unique users with authentication activity within a calendar month. External ID consists of a core offer and premium add-ons. The Microsoft Entra External ID core offering is free for the first 50,000 MAU. For the latest information about usage billing and pricing, see Billing model for Microsoft Entra External ID.

Note

Existing subscriptions to Azure Active Directory B2C (Azure AD B2C) B2C or B2B collaboration under an Azure AD External Identities P1/P2 SKU remain valid and no migration is necessary. We communicate upgrade options once they're available.

Does the 50,000 MAU free tier apply to add-ons?

No, External ID add-ons don't have a free tier. To learn more about pricing visit the External ID pricing page.

Does External ID have phone authentication via SMS?

Currently, SMS isn't available for first-factor authentication or self-service password reset in external tenants. However, SMS is now available for second-factor verification in external tenants at additional cost. Learn more

I linked my external tenant to a subscription, but the license status still shows "free"

After you link your external tenant to a subscription, you can view it on your external tenant home page (Home > Billing). However, the license on your external tenant overview page (Home > Tenant overview > Overview) still shows Microsoft Entra ID Free. We're working to resolve this known issue.

Why does my Azure AD External Identities bill show phone charges named "Microsoft Entra External ID?"

Following the new billing model for Azure AD External Identities SMS Phone Authentication, you might notice a new name for Phone MFA on your bill. Now you see the following names based on your country or region pricing tier:

• Microsoft Entra External ID - Phone Authentication Low Cost 1 Transaction
• Microsoft Entra External ID - Phone Authentication Mid Low Cost 1 Transaction
• Microsoft Entra External ID - Phone Authentication Mid High Cost 1 Transaction
• Microsoft Entra External ID - Phone Authentication High Cost 1 Transaction

Although the new bill mentions Microsoft Entra External ID, if you're an Azure AD External Identities customer, you’re still billed for Azure AD B2B based on your core MAU count.

About External ID

What is Microsoft Entra External ID?

Microsoft Entra External ID is our next generation CIAM platform. It represents an evolutionary step in unifying secure and engaging experiences across all external identities including customers, partners, citizens, and others, within a single, integrated platform.

Is Microsoft Entra External ID a new name for Azure AD B2C?

No, it's not a new name for Azure AD B2C. Microsoft Entra External ID is our next generation CIAM solution that combines CIAM use cases and B2B collaboration features into one unified platform.

I notice some name changes, both in the admin center and on the website

Yes, we rebranded some items in the admin center and in our messaging to best match our vision for External ID. The following table summarizes the changes.

Previous name	New name
Azure AD External Identities	Azure AD B2C
Azure AD B2B	Now part of Microsoft Entra External ID
Azure AD for customers	Microsoft Entra External ID
Azure AD B2B collaboration	External ID B2B collaboration
Azure AD B2B direct connect	External ID B2B direct connect
Customer tenant	External tenant

Note

A Microsoft Entra tenant can be created in either a workforce tenant configuration or an external tenant configuration. Learn more about tenant configurations.

How can I get started with External ID?

Get started with securing your consumer and business customer apps by creating an external tenant in the Microsoft Entra admin center.

Azure AD B2C and Azure AD External Identities

What's happening to Azure AD B2C and Azure AD External Identities?

Effective May 1, 2025 Azure AD B2C P1 and P2 will no longer be available to purchase for new customers, but current Azure AD B2C customers can continue using the product. The product experience, including creating new tenants or user flows, remains unchanged. The operational commitments, including service level agreements (SLAs), security updates, and compliance, also remain unchanged. We'll continue supporting Azure AD B2C until at least May 2030. More information, including migration plans will be made available. Contact your account representative for more information and to learn more about Microsoft Entra External ID.

What's happening to Azure AD B2B collaboration and B2B direct connect?

Azure AD B2B collaboration and B2B direct connect are now part of Microsoft Entra External ID as External ID B2B collaboration and B2B direct connect. They remain in the same location in the Microsoft Entra admin center within the workforce tenant.

I have a substantial investment in custom policies, including code artifacts and CI/CD pipelines. How should I view the upcoming converged platform?

We recognize the large investments in building and managing custom policies. We listened to customers who told us custom policies are too hard to build and manage. With the new External ID platform, we're simplifying experiences so that custom policies are no longer needed. We'll provide a migration path for existing custom policies in B2C when it becomes available.

Product Features

What's the difference between external and workforce tenants?

Both are Microsoft Entra tenants, but with different default configurations. Learn more about the tenant configurations.

Are there custom policies in External ID?

Our next-generation CIAM platform is designed to accommodate equivalent capabilities without the need for complex custom policies.

What identity providers does External ID support?

External ID supports various identity providers, including Microsoft Entra accounts (via invite), Facebook, Google, Apple, custom OIDC, and SAML/WS-Fed identity provider federation. Identity providers are based on the tenant configuration and whether the external user is invited or uses self-service sign-up. Learn more about identity providers in External ID, and refer to our supported feature comparison.

Where can I find a list of External ID features?

For a detailed list of the External ID features and capabilities, see Supported features in workforce and external tenants.

Will External ID support Microsoft Entra US Government Cloud?

External ID currently supports public clouds only. External ID in the public cloud is accredited for Federal Risk and Authorization Management Program (FedRAMP) High and Department of Defense (DoD) Impact Level 2 (IL2).

Developer Experiences

I'm a developer, where can I get started with External ID?

You can find the latest resources and information for developers in our Developer Center.

• Create an external tenant and follow a guide to set up your tenant and run your first sample.
• Use our tutorials to learn how to build and integrate your consumer and business customer apps with External ID.
• Sign up for Identity blog email updates to keep up with the latest news and insights.
• Follow us on YouTube for video overviews, tutorials, and deep dives.

In addition to those resources, we have some developer-focused features in public preview:

• Use Microsoft Entra External ID as an identity provider for Azure App Service’s built-in authentication.

• Use the Microsoft Entra External ID extension for Visual Studio Code. This extension offers a seamless, guided experience that enables you to create and configure a sample External ID application entirely from within VS Code. Read our blog and documentation to learn more.

How do I add authentication with External ID to my app code?

We have a single, unified Microsoft Authentication Library (MSAL) where the same application code works for workforce and customer scenarios. In three steps, you can sign up or sign in a user:

1. Configure MSAL to use to your tenant and application
2. Create a sign-in function that calls MSAL to start the web-based sign in flow
3. Create a response handler which can extract customer information from the returned token

You can see example code for each of these steps in our sample applications.

Can I build a fully custom authentication sign-in experience?

Native authentication empowers you to take complete control over the design of the sign-in experience of your mobile applications. It allows you to craft stunning, pixel-perfect authentication screens that are seamlessly integrated into your apps, rather than relying on browser-based solutions. Read more in our blog.

What integrations does External ID support for developers?

External ID supports server-side integrations with external systems via custom authentication extensions. This capability allows developers to implement their own logic and invoke it via real-time API calls during sign-in/up flows.

Related content

Learn more about Microsoft Entra External ID.