Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

Azure AD B2C is designed for business-to-consumer scenarios and includes built-in user flows plus native connectors for popular social identity providers such as Google and Facebook. You can also configure a multi-tenant Azure AD identity provider (or individual single-tenant providers) so that users from any customer's Azure AD tenant can authenticate through the same B2C endpoint. Because Azure AD B2C issues the tokens and manages all user flows, the web application only needs a single OpenID Connect/OAuth 2.0 integration, keeping code changes to a minimum.

Using Azure AD External Identities within a standard Azure AD tenant can allow some social and enterprise logins, but its feature set and customization options are more limited and it is optimized for partner collaboration rather than high-scale consumer scenarios. App Service authentication configured with a single-tenant Azure AD application would block users from other Microsoft Entra tenants and would still require additional configuration effort to add social providers. Azure AD Domain Services targets legacy LDAP/Kerberos requirements and does not address modern web or social authentication needs. Therefore, deploying an Azure AD B2C tenant and configuring both social and Azure AD identity providers is the most suitable choice.