Forum Discussion
User classed as internal or external for Azure AD P2.
It depends on the reason that the tenant A users are accessing tenant B.
To explain, since Privileged Identity Management (PIM) in Azure Active Directory (Azure AD) is licensed per tenant, the users in your scenario will need to be licenses for tenant A as well as tenant B.
However, if the tenant A users are accessing tenant B to simply do the following tasks, then they do not need a license:
- set up PIM
- configure policies
- receive alerts
- and set up access reviews
License requirements to use Privileged Identity Management - Microsoft Entra | Microsoft Learn
If this (or someone else's) reply answers your question, please Accept as the solution to help the other members find it more quickly. Otherwise, please let me know if you need further assistance on this topic.
Regards,
Microsoft CSP Licensing Concierge
Thanks for the responses so far.
In this case users from tenant (A) would access resources in tenant (B) but would be required to activate an eligible role in tenant (B) using PIM.
In this case, the tenant (A) user has AAD P2, tenant (B) has at least one AAD P2 to enable the features. Would they still require an AAD P2 license in tenant (B) for their guest/external user account to use PIM or are these features included in the PAYG capacity as per this document?
Pricing - Active Directory External Identities | Microsoft Azure
- Yes, we are a CSP Direct partner.
My apologies if I'm missing something, but may I ask why the FAQ info in the link that you provided along with Rahul-kumar's response does not provide the information that you're looking for?
I may need you to clarify your question if the FAQ & other info is not addressing your scenario
Regards,Microsoft CSP Licensing Concierge