A client assigned me to find IDM/IAM solutions including SSO and MFA for both their ~250 internal as 3.000 external users, i.e. a 1 to 12 ratio.
We looked into the Azure MFA pricing model since it's quite an impact to purchase 3250 per-user licenses instead of just the 250 internal users. On the other side, a per-authentication model (10 per bundle) leads to unpredictable cost, especially if some hack tool generates a gazillion failed attempts.
So our main question is how to properly license Azure MFA for 250 internal users and 3000 external users? The underlying questions we have:
Does the 1 user : 5 licenses ratio in an Azure B2B scenario only apply to Azure AD Premium or also to Azure MFA standalone?
Is there a possibility to mix a per-user license model for the 250 internal users and a different model for the 3.000 external users? (maybe even the 'free' MFA for Office 365 when they go there)
What does Microsoft do/bill in a per-authentication model if e.g. a robot generates a substancial amount of (failed) MFA transactions?
Any chance there's some sort of External Connector cloud variant for Azure MFA?