What subscription is Azure AD in M365B?

Iron Contributor

It's not clear if it is Azure AD P1 or not?  If it isn't, what can't you do with it?  It sounds like conditional access is not possible.  Are there any side by side docs comparing what it is and isn't?

 

Thank you.

4 Replies

The Azure Active Directory product page has a nice side-by-side feature comparison across the various license types, for the full Azure AD licenses: https://azure.microsoft.com/pricing/details/active-directory/

 

@Mark O'Shea has a great blog that explains that Microsoft 365 Business includes a subset of an Azure AD P1 license features: https://blogs.technet.microsoft.com/ausoemteam/2017/09/28/microsoft-365-business-part-2-azure-active... 

 

Hope that helps!

 

 

 

 

 

Hi David (and Sonia!!!)

 

I've got an even better one for you in here...

 

https://blogs.technet.microsoft.com/ausoemteam/2018/05/05/new-microsoft-365-business-capabilities-id...

 

I created the table in this one to try to make it clearer than the service description for what AAD Premium P1 features are included. The one thing I just realised I hadn't followed up is the "Application policy" reference which I'm pretty certain is supposed to be the AAD Application Proxy, which I wouldn't rank as one of the more requested capabilities like CA or PW writeback.

 

 

 

 

Hi David

 

Our vision for M365B is to build a product that meets the most IT needs of an SMB, so we are curating it carefully to match SMB needs. The Service description is your best guide to understand what features it has and it does have side by side comparisons: http://aka.ms/m365bsd

 

Could you tell us what customer scenarios you need AAD P1 or P2 for? is Conditional Access the only feature from AADP1 that you think you need in M365B? are there other features. Would love to understand this more

 

Thanks

Ashanka

Thanks for replying Ashanka.  The link you supplied gives a broad overview of the plans but it doesn't focus on Azure AD specifically.  It's hard to tell what parts of P1 or P2 are included.  This particular comparison gives more granular comparisons:  https://azure.microsoft.com/en-us/pricing/details/active-directory/

 

In that link, it's not clear what "advanced reporting" means and reporting is something I've found to be really useful.  One example has to do with a 70 user tenant that has SSO and provisioning enabled with Dropbox (sorry, couldn't get them off it).  Whenever we create a user in O365/E3, it creates a user in Dropbox which is great.

 

However, we ran into an issue where a user locked themselves out of O365.  It put their account in a blocked status (due to O365 Cloud App Security policy in place).  As such, it removed them from Dropbox which shouldn't have happened. 

 

I worked with support which took a while to find the right person to help troubleshoot.  By the time they finally figured out who that person was, my audit logs had expired and we couldn't see the sequence of events.  I "think" basic Azure AD gives 7 days but can't be certain.  We ended up not being able to figure out why the user was removed from Dropbox.

 

So to me, it seems like M365B having a subset of P1 is confusing which is why I was hoping to get a more granular breakdown of what it includes and doesn't include.  Conditional Access and reporting are features that are on our radar.  If you can't come out and say Azure AD P1 is included in M365B then it would be nice to have some clarity of what features of Azure AD P1 are included.  

 

Anything to simplify the confusing subscription/feature matrix that keeps growing would be fantastic.  I personally would support a M365B+ model that includes Azure AD P1 but would be price dependent obviously.  It gets too cumbersome to have corner cases in regards to users/subscriptions so an "all you can eat" plan makes administration easier.

 

Hopefully that made sense.  I rambled a bit.  :)

 

Thanks for listening.