Forum Discussion
Proper licensing for dynamic membership groups with the memberOf attribute.
Hello,
because Microsoft premium licensing in MS Entra is too confusing and problematic I would like to be informed about proper licensing while using dynamic membership groups with the memberOf attribute as this article describes: https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-member-of,
This function is available only for synchronized identities with premium licenses or just one premium license for a whole tenant is enought?
I assume we need only one premium license based on this (from the official documentation):
You must have a Microsoft Entra ID P1 or P2 license for the Microsoft Entra tenant.
However I want to be sure because with one premium license we have all premium features unlocked in MS Entra ID . This means we need to be really careful and take care of compliance which is from my point of view very unfortunate. Microsoft put heavy burden on their tenants because of this licensing approach. It would be very nice to develop system/feature/policy which will take care of it or at least notify tenants that they are not compliant.
This feature requires a Microsoft Entra ID P1 license or Intune for Education for each unique user that is a member of one or more dynamic membership groups. You don't have to assign licenses to users for them to be members of dynamic membership groups, but you must have the minimum number of licenses in the Microsoft Entra organization to cover all such users. For example, if you had a total of 1,000 unique users in all dynamic membership groups in your organization, you would need at least 1,000 licenses for Microsoft Entra ID P1 to meet the license requirement. No license is required for devices that are members of a dynamic membership group based on a device.
You need license for each user that's in the scope of the feature, the above quote is from this article: Manage rules for dynamic membership groups in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn
1 Reply
This feature requires a Microsoft Entra ID P1 license or Intune for Education for each unique user that is a member of one or more dynamic membership groups. You don't have to assign licenses to users for them to be members of dynamic membership groups, but you must have the minimum number of licenses in the Microsoft Entra organization to cover all such users. For example, if you had a total of 1,000 unique users in all dynamic membership groups in your organization, you would need at least 1,000 licenses for Microsoft Entra ID P1 to meet the license requirement. No license is required for devices that are members of a dynamic membership group based on a device.
You need license for each user that's in the scope of the feature, the above quote is from this article: Manage rules for dynamic membership groups in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn