A company wants to allow employees to sign in using their Microsoft credentials (e.g., personal Outlook.com) to access internal applications. Which Microsoft Entra feature should be configured?
External ID supports consumer identities like Microsoft accounts.
Why this answer
Microsoft Entra External ID (formerly Azure AD External Identities) allows organizations to enable external users—including consumers with personal Microsoft accounts (e.g., Outlook.com)—to sign in to internal applications using their own credentials. This feature supports identity providers like Microsoft Accounts (MSA), Google, Facebook, and SAML/WS-Fed IdPs, making it the correct choice for allowing employees to use personal Outlook.com credentials for access.
Exam trap
The trap here is confusing Microsoft Entra B2B collaboration (which requires a business or school account) with Microsoft Entra External ID (which supports personal Microsoft accounts and social identities), leading candidates to incorrectly select B2B for consumer-facing scenarios.
How to eliminate wrong answers
Option A is wrong because Microsoft Entra B2B collaboration is designed for business-to-business scenarios, enabling external business partners to access resources using their work or school accounts, not personal Microsoft accounts like Outlook.com. Option B is wrong because Microsoft Entra device enrollment is used to register devices (e.g., Windows, iOS, Android) for management and conditional access, not to configure external identity providers for sign-in. Option C is wrong because Microsoft Entra hybrid identity synchronizes on-premises Active Directory with Microsoft Entra ID for a unified identity across hybrid environments, but it does not enable external personal Microsoft accounts to sign in to internal applications.