Forum Discussion

dima's avatar
dima
Copper Contributor
Jan 21, 2025

Entra Private Access Licensing

I'm a bit stuck trying to figure out what licensing we need to get us working on BYOD devices such as iPads if we want to use the Private Access part of Global Secure Access.

A few places on Microsoft's website mention that as long as we have an Entra ID P1 or P2 license and a Private Access license assigned to a user, we should be able to enrol mobile devices without any issues. However, when I try to sign into MS Defender on an iPad (tried 2 different ones), I get an error saying invalid license. 

One of the users I am currently testing has an Office 365 E3 license assigned as well. 

Where am I going wrong?

  • micheleariis's avatar
    micheleariis
    Steel Contributor

    Hi, let me explain the situation in a simple way. The Entra ID P1/P2 licenses, along with the Private Access license, are sufficient for the Private Access functionality. However, if you want to use the MS Defender app on an iPad, the device requires a license that covers mobile endpoint protection. In your case, the user also has an Office 365 E3 license, but this does not include the mobile Defender features.

    When you try to sign into MS Defender on the iPad, you get the invalid license error because the mobile-specific license is missing (for example, Microsoft Defender for Endpoint Plan 2, which is often included with Microsoft 365 E5 or available as an add-on).

    To resolve the issue, you should assign a license that covers Microsoft Defender for Endpoint on mobile devices and ensure that all the enrollment prerequisites (such as integration with Intune, if necessary) are met.

Resources