Azure B2B Resource Center

Azure Business-to-Business (B2B) managed collaboration enables application and department administrators at Johns Hopkins to invite external guests to access Hopkins applications. Administrators can create guest accounts for their respective applications, allowing invited users to sign in with their own email addresses. If these guests already have Microsoft or Google accounts, they will be redirected to the appropriate platform for authentication before returning to the Hopkins application. For those with email accounts hosted by other systems, a one-time passcode will be sent to their email for access.

Frequently Asked Questions

Why am I here?

If you were redirected here after accepting the guest invitation from Microsoft on behalf of Johns Hopkins, then you have been registered to take training. The myLearning system will be available for you to login 24 hours after your invitation date. Please reach out to the contact or department that requested your guest account if you have any questions. 

What is the multi-factor authentication (MFA) requirement for B2B accounts?

Multi-factor authentication (MFA) is required for all B2B accounts. MFA helps protect accounts by requiring a second form of verification in addition to a password, reducing the risk of unauthorized access.

How do I enroll in Azure MFA?

We suggest you watch our Enrollment Video and follow along with the process.  Once enrolled, you should explore the Azure MFA Portal.  You can make changes to your MFA settings, set a default MFA method and even delete your device (should you lose it).

We encourage everyone to add a backup MFA method. ​​​​​​​This ensures you can still access your account with minimal disruption if you change phones, update your phone number, or switch computers.

***To add a backup method:

  • Choose and enroll an additional method.
  • Go to the My Sign-ins site
  • Select “+ Add sign-in” method

What are the recommended and available MFA methods?

1. Passkeys (Biometric or Device-based Sign-in):

Passkeys are password less sign-in methods that are phishing-resistant and tied to your device. They replace passwords with biometrics or a device unlock method.

Microsoft Authenticator App Passkey Registration

  • How it works: Instead of entering a password, you sign in using a passkey tied to your device (such as Face ID, Touch ID, fingerprint, or device PIN). The Microsoft Authenticator app stores the passkey and prompts you to verify with your biometric or device unlock method.
  • Security Considerations: Provides phishing-resistant authentication that’s stronger than passwords alone. Since the passkey is bound to your device, attackers cannot reuse stolen credentials. A backup method should still be registered in case you lose or replace your device.
  • Requirements: The Microsoft Authenticator app installed and configured on a compatible smartphone.
  • Support guideMicrosoft Authenticator App Passkey Registration

Windows Device-Based Passkey Registration 

  • How it works: Instead of entering a password, you sign in with a passkey securely stored on your Windows device. The device verifies the passkey locally to authenticate your sign-in, no password required. Device-based passkeys can be set up on both managed and personal Windows devices.
  • Security Considerations: Provides phishing‑resistant authentication that is stronger than passwords alone. The passkey is unique to a specific device, it cannot be reused by attackers even if credentials are compromised. Only one Windows device‑based passkey can be registered per user on a given device. A backup MFA method should remain registered in case the device is lost or replaced.
  • Requirements: A physical Windows device (device‑based passkeys cannot be registered on virtual machines) and currently enrolled in Multi‑Factor Authentication (MFA).
  • Support guideWindows Device‑Based Passkey Registration

Windows Hello Registration

2. FIDO2 Security Key (Hardware Key)

  • How it works: A physical USB, NFC, or Bluetooth security key (such as a YubiKey) is used to verify your login by tapping or inserting it.
  • Security Considerations: Strong phishing resistance and does not rely on a phone or network connection. However, the device must be physically carried with you and can be lost or misplaced.
  • Requirements: A compatible YubiKey registered with your account. ***You must purchase yourself.
  • Support guideYubiKey Setup | Unlock and Reset YubiKey

3. Number Matching (Push Notification Approval) – Microsoft Authenticator

  • How it works: You receive a push notification on your mobile device and must enter a number shown on the login screen into the app.
  • Security Considerations: Strong protection against phishing and accidental approvals. Recommended as the most secure method.
  • Requirements: Install the Microsoft Authenticator App on your mobile device and enable notifications.
  • Support guideAzure MFA Number Match App Enrollment

Why can’t I sign in to my application?

Verify you’re using the correct B2B email account that the application owner registered for you. Also, make sure you’re trying to sign into the right application system (e.g., learning.jhu.edu).

How do I change my password?

Your password is managed by your email provider (Gmail, Yahoo, etc.). Please use their password reset service.

I lost the email invitation that Johns Hopkins sent to me.

You can go directly to the URL that the application owner provided.

Can I log on with multiple Microsoft365 accounts on the same computer?

If you are logging into a new Microsoft365 account, you may find that your browser has saved your credentials from an existing account, and the application will attempt to log into that account automatically.


Options to switch between accounts:

  • Sign out of the account you are signed in with, and then sign in with the other account.
  • Use a different web browser.
  • Open a “private session” in your current web browser. Click the browser icons below to learn more: