Oct 07 2018 07:37 PM
Oct 07 2018 07:37 PM
It's not clear if it is Azure AD P1 or not? If it isn't, what can't you do with it? It sounds like conditional access is not possible. Are there any side by side docs comparing what it is and isn't?
Oct 07 2018 08:54 PM - edited Oct 07 2018 08:55 PM
The Azure Active Directory product page has a nice side-by-side feature comparison across the various license types, for the full Azure AD licenses: https://azure.microsoft.com/pricing/details/active-directory/
@Mark O'Shea has a great blog that explains that Microsoft 365 Business includes a subset of an Azure AD P1 license features: https://blogs.technet.microsoft.com/ausoemteam/2017/09/28/microsoft-365-business-part-2-azure-active...
Hope that helps!
Oct 07 2018 09:45 PM
Hi David (and Sonia!!!)
I've got an even better one for you in here...
I created the table in this one to try to make it clearer than the service description for what AAD Premium P1 features are included. The one thing I just realised I hadn't followed up is the "Application policy" reference which I'm pretty certain is supposed to be the AAD Application Proxy, which I wouldn't rank as one of the more requested capabilities like CA or PW writeback.
Oct 17 2018 11:42 AM
Our vision for M365B is to build a product that meets the most IT needs of an SMB, so we are curating it carefully to match SMB needs. The Service description is your best guide to understand what features it has and it does have side by side comparisons: http://aka.ms/m365bsd
Could you tell us what customer scenarios you need AAD P1 or P2 for? is Conditional Access the only feature from AADP1 that you think you need in M365B? are there other features. Would love to understand this more
Oct 17 2018 12:48 PM
Thanks for replying Ashanka. The link you supplied gives a broad overview of the plans but it doesn't focus on Azure AD specifically. It's hard to tell what parts of P1 or P2 are included. This particular comparison gives more granular comparisons: https://azure.microsoft.com/en-us/pricing/details/active-directory/
In that link, it's not clear what "advanced reporting" means and reporting is something I've found to be really useful. One example has to do with a 70 user tenant that has SSO and provisioning enabled with Dropbox (sorry, couldn't get them off it). Whenever we create a user in O365/E3, it creates a user in Dropbox which is great.
However, we ran into an issue where a user locked themselves out of O365. It put their account in a blocked status (due to O365 Cloud App Security policy in place). As such, it removed them from Dropbox which shouldn't have happened.
I worked with support which took a while to find the right person to help troubleshoot. By the time they finally figured out who that person was, my audit logs had expired and we couldn't see the sequence of events. I "think" basic Azure AD gives 7 days but can't be certain. We ended up not being able to figure out why the user was removed from Dropbox.
So to me, it seems like M365B having a subset of P1 is confusing which is why I was hoping to get a more granular breakdown of what it includes and doesn't include. Conditional Access and reporting are features that are on our radar. If you can't come out and say Azure AD P1 is included in M365B then it would be nice to have some clarity of what features of Azure AD P1 are included.
Anything to simplify the confusing subscription/feature matrix that keeps growing would be fantastic. I personally would support a M365B+ model that includes Azure AD P1 but would be price dependent obviously. It gets too cumbersome to have corner cases in regards to users/subscriptions so an "all you can eat" plan makes administration easier.
Hopefully that made sense. I rambled a bit. :)
Thanks for listening.