Aug 23 2018 04:07 AM - edited Aug 23 2018 05:54 AM
Aug 23 2018 04:07 AM - edited Aug 23 2018 05:54 AM
Are there any license resource/guides/Q&A available that gives on "overview" about the various licensing in O365/Azure?.
Example:
Q: I want to do 'Conditional Access' for 50 out of 5000 users
A: OK - you need a Azure P1 license/subscription - and you'll have to license all your 5000 users - not just the 50
Aug 23 2018 10:54 AM
Hello @Deleted (amazing),
I am not sure if there is something as granular/specific as what you are looking for, but this is my holy grail when it comes to O365 licensing info - https://technet.microsoft.com/library/office-365-service-descriptions.aspx
The service description file can be spliced every which way with the pivot tables at the top. It wont get a specific as your example "you need all users licensed for this." But you could 100% find out what licenses have what features, etc.
Hope this helps somewhat!
Adam
Aug 23 2018 08:46 PM - edited Aug 23 2018 08:48 PM
Hi @Adam Ochs
Thanks! - "It's not who we are but what we do that defines us."
Very useful link, but seeking more in the "admin" part - its a "big dark (knight) jungle" - when it comes to licensing :)
There are various "rumors/statements" floating around like; "You only need one Azure P1 license for the Global Admin in order to achieve "this and that"....."
and like this from a MS page::
"The administrator who configures the settings, and the members of the affected groups, must have Azure AD Premium licenses assigned to them"
In the above scenario I clearly don't need to assign/buy a Azure P1 license for all 5000 users (if they are not all in the groups :)... )
Does the same apply for conditional access?
Aug 24 2018 07:28 AM
Hey @Deleted,
I can test this in my lab for your today, I will try to get back to you before the weekend!
Adam
Aug 24 2018 08:34 AM
SolutionSo I just got done testing this out.
1st - Turns out enabling the conditional access policy helps.... i was sitting there for like an hour like why the heck is this not working....
Anyways,
I have a user with e3, as well as another with e5. The e5 user obviously has the appropriate AADP licensing to do conditional access and the e3 does not.
I created a conditional access policy for SPO and set MFA as a prereq fro both users. After a bit, I tested, and it enforced the MFA on both of them.
So even my user with just e3, and lacking the appropriate AADP license, still had conditional access enforced.
I would think think this would be how you can expect your tenant to act right now, but honestly I am unsure if that is intentional or not. It seems like a problem with auditing more than anything. So for now, I would say you are in the clear, but It would not surprise me if they set auditing better in the future and forced you to have AADP for CA to work.
Adam
Aug 24 2018 09:34 AM - edited Aug 24 2018 10:33 AM
Hi @Adam Ochs
Thanks :)
So I'll buy a single license for now - then doing the conditional access policy - and see whats "coming" audit wise - and maybe I'm violating the license rules .. but what the heck, MS needs to be more "transparent" in their licensing :D
Thanks again :)
Aug 24 2018 10:15 AM
There is some sort of joke about vigilante justice in here ;)
Aug 24 2018 08:34 AM
SolutionSo I just got done testing this out.
1st - Turns out enabling the conditional access policy helps.... i was sitting there for like an hour like why the heck is this not working....
Anyways,
I have a user with e3, as well as another with e5. The e5 user obviously has the appropriate AADP licensing to do conditional access and the e3 does not.
I created a conditional access policy for SPO and set MFA as a prereq fro both users. After a bit, I tested, and it enforced the MFA on both of them.
So even my user with just e3, and lacking the appropriate AADP license, still had conditional access enforced.
I would think think this would be how you can expect your tenant to act right now, but honestly I am unsure if that is intentional or not. It seems like a problem with auditing more than anything. So for now, I would say you are in the clear, but It would not surprise me if they set auditing better in the future and forced you to have AADP for CA to work.
Adam