For curiosity I tested this scenario with CA policy so that only my test user had EMS E5 (P2) license and other users had EMS E3 (P1). Regarding tests made today risk based CA policy seems to be working as expected. Tested with Tor browser to get risk based mechanism to work immediately with following options at policy:
- grant access with MFA
- Block access totally options
But I agree, if it's officially announced that all users needs AAD P2 license opinion from Microsoft would be helpful.