Forum Discussion

Eddie79's avatar
Eddie79
Copper Contributor
Jun 12, 2023

Azure AD premium and Defender for Cloud Apps License requirement

Hi, we are planning to deploy limitation as  document:https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad Protect Sharepoint Online with Microsoft Defender for Cloud Apps Conditi...
MrAzureAD's avatar
MrAzureAD
Copper Contributor
Jun 12, 2023

1) As far as I know, you are correct: AAD P1 and MDCA is sufficient. Be however aware that this only works for all SharePoints. If you want MDCA to be only used for subset of SharePoint sites marked, you will need E5 compliance to map auth context to sensitivity labels.
2) You will need licenses for everyone "benefiting" from the functionality. So if you restrict the CA rule to external users, then you need only licenses for these. But this only applies if your external users are managed inside your tenant (like employees). Azure AD B2B users (aka guest users) are licensed differently: Old license model: 5 B2B guest licenses per 1 employee license; New model: B2B guests must be licensed per "monthly active user" (MAU), but 50000 per month are free and they can be used with the highest license in your tenant.

As always with licensing: Look into the details and discuss this with your Microsoft accounting team.

Greetings,
Tobias / MrAzureAD

Resources