cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identity Protection - Risk Based Conditional Access Licensing

Ammar Hasayen
Iron Contributor

‎Oct 17 2017 07:18 AM - last edited on ‎Jan 14 2022 05:28 PM by

‎Oct 17 2017 07:18 AM - last edited on ‎Jan 14 2022 05:28 PM by

Identity Protection - Risk Based Conditional Access Licensing

I have an enteprise with thousands of users with EMS E3 licenses.  The finanance department is a critical space, and they have 500 people working on that department.

 

They want to purchase EMS E5 license and assign them to those 500 critical users, to take advantage of the conditiional access with risked based protection.

 

Is this possible? I mean will purchasing 500 EMS E5 licenses for those users, willl enable risk based conditional access for them?

3,717 Views
0 Likes
3 Replies
Reply
3 Replies
Sami Lamppu

‎Oct 28 2017 02:34 AM

‎Oct 28 2017 02:34 AM

Re: Identity Protection - Risk Based Conditional Access Licensing

Hi,

Regarding my experience It should work with Conditional Access policy and targeting policy to group which contains users who has EMS E5 license.

 

Risk based signing was not visible in our tenant until we bought EMS E5 licences. Below are pictures from tenant before and after EMS E5 license was purchased.

 

EMS E3.PNGEMS E5.PNG

1 Like
Reply
Ammar Hasayen

‎Oct 28 2017 06:06 AM

‎Oct 28 2017 06:06 AM

Re: Identity Protection - Risk Based Conditional Access Licensing

Thank you for your reply. Ya the risk based factor appears for me too.

 

Microsoft announced that this will not work unless all users have AAD P2 license (part of EMS E5), and that if portion of the users have that license, conditional access with risk based will not work.

 

I would love if MS could say something here and help us figure this out.

0 Likes
Reply
Sami Lamppu

‎Oct 29 2017 12:34 PM

‎Oct 29 2017 12:34 PM

Re: Identity Protection - Risk Based Conditional Access Licensing

For curiosity I tested this scenario with CA policy so that only my test user had EMS E5 (P2) license and other users had EMS E3 (P1). Regarding tests made today risk based CA policy seems to be working as expected. Tested with Tor browser to get risk based mechanism to work immediately with following options at policy:

- grant access with MFA

- Block access totally options

 

EMS-E5.png

 

But I agree, if it's officially announced that all users needs AAD P2 license opinion from Microsoft would be helpful.

 

0 Likes
Reply