Forum Discussion

Ottovw's avatar
Ottovw
Copper Contributor
Mar 08, 2021

Azure Active Directory Premium P1 plan

Hello,

 

When i only need to use the extra Dynamic groups or/and Conditional Access features in Azure AD i need at least Azure AD Premium P1 plan. Therefor i need to pay for each user in my tenant who authenticate, right?

 

So I have a test environment with only Enterprise Mobility + Security E5 license. This license model includes Azure AD Premium P2. So my test tenant has a Azure AD Premium P2 plan.  I do not understand why it is possible to assign a P1 and/or P2 license per user if the whole Azure AD already has a Premium P2 plan. I can still use the Conditional Acces features even for users without a license. 

As far as I have understood;  Azure AD comes in 4 license models: Free, O365, Premium P1, Premium P2. License plans for the Azure Ad tenant. I therefore do not understand why I can still select P1 or P2 per user if the features for the Azure AD with P1 or P2 already enabled (eq Condition Acces, Dynamic groups). 

 

  • Microsoft does not enforce licensing requirements in code for many of the features, thus making them available even when no direct license assignments exist. This doesnt mean that you are allowed to go that route, it still counts as license violation.
    • Ottovw's avatar
      Ottovw
      Copper Contributor
      So if I understand correctly, it is my own responsibility to determine which user uses, for example, Conditional Access Policy and for this I have to activate the p1 license.

      Do I only pay for the activated users or do I pay for the entire Azure AD tenant with all my users in it?
      • You pay for the number of licenses purchased, it's your responsibility to make sure this number is sufficient to cover all users taking advantage of specific feature(s).

Resources