Welcome to the Azure ecosystem. Your first step as an architect is Entra ID (formerly Azure Active Directory). It is the 'Source of Truth' for all users, groups, and applications in your organization.
Entra ID natively supports the industry-standard protocols for authentication (OIDC) and authorization (OAuth 2.0). For .NET developers, this means you can use the **Microsoft.Identity.Web** library to secure your APIs with just a few lines of code in Program.cs.
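A minimal Program.cs along those lines, as an added example rather than code from the original page. It assumes an ASP.NET Core web project with implicit usings and the Microsoft.Identity.Web package; the tenant ID, client ID, the `access_as_user` scope and the `/healthz` and `/orders` routes are placeholders chosen for illustration.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.Resource;

var builder = WebApplication.CreateBuilder(args);

// Placeholder values (assumptions); normally these live in the "AzureAd"
// section of appsettings.json. Neither ID is a secret.
builder.Configuration.AddInMemoryCollection(new Dictionary<string, string?>
{
    ["AzureAd:Instance"] = "https://login.microsoftonline.com/",
    ["AzureAd:TenantId"] = "<your-tenant-id>",
    ["AzureAd:ClientId"] = "<your-api-client-id>",
});

// Validate incoming bearer tokens against Entra ID: signature, issuer,
// audience and lifetime are checked before any endpoint code runs.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

// Deny by default: an endpoint without an explicit policy still
// requires an authenticated caller.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// The health probe is the only anonymous route, opted out explicitly.
app.MapGet("/healthz", () => Results.Ok()).AllowAnonymous();

// Hypothetical endpoint: being authenticated is not enough, the token
// must also carry the delegated scope this API exposes.
app.MapGet("/orders", (HttpContext http) =>
{
    http.VerifyUserHasAnyAcceptedScope("access_as_user");
    return Results.Ok(new { caller = http.User.Identity?.Name });
});

app.Run();
```

The fallback policy means a route added later without any authorization metadata is still closed to anonymous callers, while the per-endpoint scope check separates "has a valid token" from "is allowed to call this operation".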
B2B (Business-to-Business): Allow users from other companies to log in to your app using their own corporate credentials (Guest users).
B2C (Business-to-Consumer): A separate service for public applications (like a social network or retail site) where users sign up with Gmail, Facebook, or a local email. **Architect Tip:** Use B2C for internal-facing apps if you want to keep your corporate directory 100% isolated from the public.
Q: "Why should I use Entra ID instead of a local SQL table for users?"
Architect Answer: "Security and Compliance. Entra ID gives you **Multi-Factor Authentication (MFA)**, **Conditional Access** (e.g., 'Only allow login from company IPs'), and **Self-Service Password Reset** out of the box. Building these features yourself in SQL is a massive security risk and a waste of developer time. Identity is a commodity—outsource it to Microsoft."