Oct 10 2023 02:42 AM
Hello Team,
I have a doubt regarding Azure AD PIM Licensing. According to the documentation:
"Licenses you must have
Ensure that your directory has at least as many Azure AD Premium P2 licenses as you have employees that will be performing the following tasks:
Users assigned as eligible to Azure AD or Azure roles managed using PIM
Users who are assigned as eligible members or owners of privileged access groups
Users able to approve or reject activation requests in PIM
Users assigned to an access review
Users who perform access reviews "
In my tenant, The Azure AD P2 (Microsoft Entra ID P2) license is assigned at the tenant level.
Now my question is -
1. I have 30 users that will be added to some privileged role and will be managed via PIM. In My tenant I have 40 E5 licenses. Do 30 Azure AD E5(P2 will get automatically provisioned) licenses need to be assigned to these individual 30 users who will be in scope of PIM? or no need to assign as the tenant has already Azure AD P2 license activated at tenant level.
2. If I do not assign the license to the users individually, will I breach any compliance policy from Microsoft?
Please help me here.
Oct 10 2023 02:56 AM - edited Oct 10 2023 02:57 AM
@Dipronildey to use PIM you need the ENTRA P2 license for each user. for if you have 30 users that needs PIM , then you need 30 ENTRA P2 licenses. if those users already licensed with E5 than that enough as P2 is included in the E5 plan . you can buy also the ENTRA P2 license as standalone.
Oct 11 2023 10:35 PM
Hello @eliekarkafy
Thank you for your reply. I checked, the PIM feature is working though even not assigning any P2 license to the users. Why is that? and If I do not assign any license to the users, am I violating any compliance policy from Microsoft?
Oct 12 2023 02:03 AM