Forum Discussion

KVS's avatar
KVS
Copper Contributor
Sep 23, 2020
Solved

Azure AD P1 and Autopilot question

We are looking to try autopilot with Azure AD only as well as hybrid AD join. Want to understand all the licensing requirements for Azure AD, Intune and Autopilot. Is it possible to run a Autopilot i...
Intune
  • markoshea's avatar
    markoshea
    Sep 24, 2020
    Hi VK

    1) The AAD licenses would be assigned to users, not devices. Licenses can be reassigned, but you would need to ensure that users aren't leveraging any other capabilities of AADP P1 prior to the licenses being revoked and then losing those features as well.
    2) The biggest initial benefit you get by adding AADP P1 to Autopilot is that the devices will automatically enroll with Intune after performing the AAD Join, rather than it being an extra manual step. This means that if a device reset is performed, and the AAD P1 license isn't assigned to the user, the device will be AAD Joined, but not Intune managed until that is addressed separately.
    3) https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback has more details, but two of the main scenarios are WHfB with hybrid certs. and CA via ADFS. Others may have some additional use case scenarios
Lewis-H's avatar
Lewis-H
Iron Contributor
Sep 24, 2020
Azure AD Premium P2 license is assigned on per user basis. If only 100 users wants to use the premium features, license needs to be assigned to only those 100 users and not to all 200 users.

For guest users, you need to maintain 5:1 which means, if guest users want to use Premium P2 features, you don't need to assign 5 licenses to 5 guest users. You just need to assign 1 license to any of those 5 guest users. If 10 guest users want to use Premium feature, assign license to only 2 guest users out of those 10 users, in order to stay compliant.

Resources