Commit c39ea64

Update best-practices.md
I added a row in the B2C foundation (best practices) with guidance on Security, and a link to our B2C Security Architecture guidance
1 parent 4542f0d commit c39ea64

1 file changed

+1
-0
lines changed

articles/active-directory-b2c/best-practices.md

Lines changed: 1 addition & 0 deletions
@@ -29,6 +29,7 @@ The following best practices and recommendations cover some of the primary aspec
2929
| Choose user flows for most scenarios | The Identity Experience Framework of Azure AD B2C is the core strength of the service. Policies fully describe identity experiences such as sign-up, sign-in, or profile editing. To help you set up the most common identity tasks, the Azure AD B2C portal includes predefined, configurable policies called user flows. With user flows, you can create great user experiences in minutes, with just a few clicks. [Learn when to use user flows vs. custom policies](user-flow-overview.md#comparing-user-flows-and-custom-policies).|
3030
| App registrations | Every application (web, native) and API that is being secured must be registered in Azure AD B2C. If an app has both a web and native version of iOS and Android, you can register them as one application in Azure AD B2C with the same client ID. Learn how to [register OIDC, SAML, web, and native apps](./tutorial-register-applications.md?tabs=applications). Learn more about [application types that can be used in Azure AD B2C](./application-types.md). |
3131
| Move to monthly active users billing | Azure AD B2C has moved from monthly active authentications to monthly active users (MAU) billing. Most customers will find this model cost-effective. [Learn more about monthly active users billing](https://azure.microsoft.com/updates/mau-billing/). |
32+
| Follow Security best practices | There are continuous and evolving threats and attacks, and like all owned resources, your Azure AD B2C deployment should follow best practices for security, including guidance on implementing WAFs (defense against DDOS, Bots etc.) and other defense in depth best guidance [B2C Security Architecture](https://learn.microsoft.com/en-us/azure/active-directory-b2c/security-architecture). |
3233

3334
## Planning and design
3435
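
Review bot: The added row at new line 32 links with an absolute, locale-pinned URL (`https://learn.microsoft.com/en-us/azure/active-directory-b2c/security-architecture`), while the neighbouring rows link to articles in this folder with relative paths such as `./application-types.md`; a relative link would match them and avoid hard-coding `en-us`. The description is also a single run-on sentence that ends in "other defense in depth best guidance" followed by a bare link, so the link has no lead-in and the phrase does not parse. Suggest splitting it: one sentence stating that the deployment should follow security best practices, one naming the controls (for example "a WAF for protection against DDoS and bots, and other defense-in-depth measures"), and a closing "Learn more about [B2C Security Architecture](...)" in the style of the rows above. Smaller points in the same row: "DDOS" should be "DDoS", "Bots" should be lowercase, and "Security" in the row title is capitalised mid-phrase where the other titles use sentence case.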
