licensing requirements for Azure Conditional Access

Copper Contributor

I have created a Conditional Access Policy for MFA and need to confirm the license requirements to use this policy.


Most of our users have E3 licenses.


Azure tenant has a Azure AD Premium P1


Just looking to confirm we meet license requirements.

7 Replies



If you have Microsoft 365 E3 Licenses , yes you meet the requirements since Azure AD Premium P1 is included . See the screenshot in attachement .
Reference :



Thanks, that is great.

I have taken a look, but cannot find the same table for E1 & F1 licenses are you able to help?
1) With PREMIUM P1, we have all possibilities tasks achieved such as Core Identity and Access Management, Identity & Access Management for Office 365 apps, Premium Features such as Banned password, SSPR, MS Cloud app discovery, Azure AD Join & bit locker, and most of the conditional access policy except Identity Protection such as Vulnerabilities and risky accounts detection, Identity Governance (PIM access review & approve) will be possible only with Premium P2

2) Office 365 E3 has limited features than Office 365 E5, however in my opinion plan the infra with the latest features to use M365 E3 + limited license for security admins to have O365 E5 or Microsoft 365 F5 Security + Compliance Add-on.




Thanks for the responses, I have found the attached document, that show what you get with each license.

No Problem
Yes Enterprise Mobility and Security is only for E3 and E5 licences .

Can you please mark as answer if it was helpful ? Thanks
Does Office 365 E3 license still comes with Conditional Access feature or Microsoft has changed it?
Thank you
The M365 Maps - has an excellent Feature matrix:

E3 still comes with Conditional Access.