Good afternoon,

So my requirement is a basic Conditional Access policy that is based on members of an AD-synced group.

The users all have an E3, all 4000 of them, and we have some P2s as a business.

My understanding is that, as E3 has an Azure P1 license within it, I can create a Conditional Access policy in Azure for our MFA access to Exchange/OWA/Azure.

Is this correct? The licensing breakdown from Microsoft looks itemised but is pretty ambiguous.

Hi Alex,

To clarify, I assume you are referring to M365 E3 and Azure AD Premium P1.

In this case it looks like you are sufficiently licensed. Microsoft 365 E3 includes Azure AD Premium P1 which allows you to define conditional access policies. Those policies can then be applied to groups (even if they are synced from on-prem).

You would only require Azure AD Premium P2 for users that are affected by risk-based Conditional Access policies or Identity Protection (risky users, risky sign-ins), which are Premium P2 features.

Bear in mind I'm making assumptions based on the info you provided above and do not know your complete setup; therefore, do not use my response as explicit confirmation that you are correctly licensed.
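As an added example (not from either poster), this is the kind of P1-only policy the reply describes: MFA required for members of one synced group when they reach Office 365 (which covers Exchange Online/OWA), with the P2-only risk conditions deliberately left out. It assumes the Microsoft Graph PowerShell SDK and uses placeholder group ids.

```powershell
# Added example: a Conditional Access policy built only from Azure AD Premium P1 features.
# Assumes the Microsoft Graph PowerShell SDK is installed. Group ids below are placeholders.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$targetGroupId     = "00000000-0000-0000-0000-000000000000"   # placeholder: object id of the AD-synced group
$breakGlassGroupId = "11111111-1111-1111-1111-111111111111"   # placeholder: emergency-access accounts to exclude

$policy = @{
    displayName = "CA01 - Require MFA for Office 365 (synced group)"
    # Start in report-only so the sign-in logs show who would be affected before anything is enforced.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($targetGroupId)
            excludeGroups = @($breakGlassGroupId)   # never lock out the break-glass accounts
        }
        applications = @{
            includeApplications = @("Office365")    # built-in app group; includes Exchange Online / OWA
        }
        clientAppTypes = @("all")
        # Deliberately absent: signInRiskLevels and userRiskLevels. Those are the
        # Identity Protection conditions that require Azure AD Premium P2 for affected users.
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results in the sign-in logs look right, change `state` to `"enabled"` to enforce the policy.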