Licensing
21 TopicsConditional policies to access to SharePoint and Files (not Apps)
Hi Team!! I'm looking for a way to restrict SharePoint access from outside of my office network (typically using the static public IP address). My understanding is that to do so, I require configuring conditional access policies in Azure (which in turn requires Entra ID P1 license for each user). Is my understanding correct? If so, do I have to licenses each and every user to do so? And the other clarifications I'm looking for is; Does conditional access policy apply universally to all users when enabled? or only to those with Entra ID P1 license? Reason for this clarification is that I tried applying this using a trial license by setting up a policy to block SharePoint access outside our office network but it ended up applying to all users instead of the ones with trial license assigned. Further I noticed that, when setting this policy blocks the entire Microsoft Teams app as well, where as my objective is to limit access to the files in Teams as they are part of the SharePoint. Is there a way to control access to SharePoint files in Teams without blocking the whole Teams app? Do let me know if I'm doing something wrong here?26Views0likes2CommentsLicense for Multi Tenant Setup
Scenario: User R is part of Tenant A and have M365 License. Tenant A & B are cross sync. Whether User R would need M365 license from Tenant B to operate on files stored in Tenant B? Scenario: User M is the external guest to Tenant B. Whether User M would need M365 license from Tenant B to operate on files stored in Tenant B?240Views0likes5CommentsWhat's next for existing dynamic groups if there are no enough Entra P1 and we still need this group
We've noticed on 24' Sep. 9, Microsoft gave such heavy update. This update asks all dynamic group members to be equipped with Entra P1 to stay in the group. We have many dynamic groups for group licensing, and don't want to buy this license for all internal users (we're using Business Basic mostly). We can fully automate this process by ourselves, but there is no option to remove existing dynamic membership rule, we can't predict how these old dynamic groups act in the future. Does anyone know how to turn these "dynamic groups" into "assigned groups"? Sep. 9, what a horrible day, the PnPOnline cmdlet changed, dynamic membership rule changed...... nearly all PowerShell scripts have to change. My WLB is broken. Boeingnization ?Solved538Views0likes3CommentsMultitenant organization (MTO): user licenses
Hello everyone, As described here, I have created an MTO. It seems to have worked because I can see users from tenant A in tenant B. Everything looks correct, as the users have #EXT# in their usernames, their type is “Member”, and their identity is “ExternalAzureAD”. BUT they are all unlicensed. My question: is there a way to synchronize the licenses of the users, or do I really have to purchase the same license twice for a single user? Specifically, I am interested in the following licenses: Microsoft 365 Business Premium (access to Teams, SharePoint, Exchange Online sharedmailboxes, etc.) Dynamics 365 licenses (e.g., Business Central). Thank you very much for your assistance, and warm regards, Nico1.7KViews0likes2CommentsLicense delegation to Role Based groups
Hello good people! I have recently encountered an issue with delegating licenses to role based groups. It has worked for the duration of whole 2022. I have used this feature to cover my PIM/PAG groups with the correct licensing. Today when i was going to create these groups in a new tenant (which i do every month) i was unable to. Something must have changed recently and i can not find any information on it. Usually i had the "licensing" blade enabled under the group (i still do for regular groups). So instead i went into the specific licens in Azure AD and chosed "group assigned", there i could see my previous added role-based groups, but when i try to add a new one they are grayed out with "Role assignable groups are not allowed." on them. All i could find was an update to MicrosoftDOCS on github to get the documentation changed: https://github.com/MicrosoftDocs/azure-docs/pull/102870/commits/eab96510be5331bc665872e29c54a681c41137d3 (from 17 dec 2022) Do anyone have any additional information on what have changed, when and why? Im wondering how i should cover these groups now with the licensing. Maybe its now automatic? (All Role-based groups are automatically assigned P1 to members and if converted to PIM/PAG, it gets a P2 licenses for members?). Thank you!1.1KViews1like2CommentsNew Blog | Introducing Microsoft Entra License Utilization Insights
Over 800,000 organizations rely on Microsoft Entra to navigate the ever-changing threat landscape, ensuring their security while enhancing the productivity of their end users. Customers have frequently expressed their desire for greater transparency into their Entra usage, with licensing being a particularly popular request. Today, we’re excited to announce thepublic previewof Microsoft Entra license utilization portal, a new feature that enables customers to optimize their Entra ID Premium licenses by providing insights into the current usage of premium features. In this post, we’ll provide an overview of Entra ID license utilization, including what it is, how it works, and how you can optimize your license to get the most out of your Entra ID Premium Licenses. The Entra ID License utilization portal allows you to see how many Entra ID P1 and P2 licenses you have and the usage of the key features corresponding to the license type. We're thrilled that Conditional Access and risk-based Conditional Access usage are available as part of the public preview, but this would be expanded to include usage of other SKUs and corresponding features at general availability. This perspective is an initial stride towards empowering you to comprehend your license count and the value you extract from your Entra license. It also aids in addressing any over-usage issues that might emerge in your tenants. Try the public preview The license utilization & insights portal is available under the “Usage & Insights” blade. Figure 1. License utilization insights portal under Usage & Insights blade Read the full story here: Introducing Microsoft Entra License Utilization Insights - Microsoft Community Hub806Views1like0CommentsEntra ID Identity Protection - MFA registration policy
Hello Everyone, Ive been reading up a lot on the possibility to enforce MFA registrations for users in different types of tenants. Until recently ive always used CA policies to enforce the MFA requirement and follow ring-based deployments. Then i had a few instances where i was able to use Entra ID Identity protection "MFA Registration Policy" and target each ring group instead. These has all been E5 tenants. However, now im encountering a tenant where i can not use CA rules to enforce (this specific network must be excluded) and not everyone has Entra ID P2 licenses covering all the users (so i can not use the Entra Identity Protection "MFA Registration Policy") - However, i would love to use the policy for the amount of users that has the License. So my question is, if i activate the "MFA Registration Policy" for "all users" - will it be smart enough to only target those with valid licenses or do i need to create dynamic groups to single out all the 5-6 different licenses types that includes the P2 ? The more i read on recent changes in both product pages, learn and elsewhere im unable to find if i can actually use "MFA Registration Policy" with or without licenses - so if anyone is able to point me in the right direction here i would be happy to. Much appreciated. edit: I also know about the SSPR and get the "combined registration", however, in this instance we are unable to use SSPR. (alltho, it seems i can target an empty group with SSPR, enable it, and have some sort enforcement this way, but it seems to "the wrong way"). What i wish to achieve is every new account should register for MFA in an environment where i can not cover "the office location" with a CA that enforce MFA. I can not use SSPR combined user registration and therefor im looking into Identity protection MFA registration Policy but unclear about license requirement.1.9KViews0likes2CommentsList of all licenses and their meaning and function?
Hey Folk, I need help because I don't know exactly which license is actually responsible for what due to the large number of licenses. I would like to assign the necessary licenses to a group as precisely as possible and remove those that are not required. To do this, however, I need to know exactly which services are behind it, here is a list attached via screenshot. In my specific case, it's about intune managed devices whose users mainly use office, exchange, onedrive, sharepoint and teams. Does microsoft have a list of these anywhere? Thank you!686Views0likes1CommentNew Blog | Microsoft Entra ID Governance licensing for business guests
Thousands of customers have tested or deployed Microsoft Entra ID Governance since it launched on July 1, 2023, seeing the value in governing the identities of their workforce. Many of those customers have asked about extending this governance to the identities of their business guests—contractors, partners, and external collaborators—to more fully follow least privilege access principles while still enabling seamless collaboration. We are pleasedto announce that we're helping organizations to more easily manage this situation by creating a new ID Governance license for business guests. This license will operate on a monthly active usage (MAU) model. Customers will be able to acquire licenses matching their anticipated business guest MAU. Read the full blog here:Microsoft Entra ID Governance licensing for business guests - Microsoft Community Hub995Views0likes0CommentsIdentity Governance licensing question
Hi all, As we already know, we are required to have an additional add-on license for Identity Governance on top of P2 if we want to use features like Lifecycle workflows. My question is -- how many licenses do we need for this? For example, if we want to use these features to create and deploy lifecycle workflows for new users, do we need to purchase and assign licenses to each user in our tenant? Any help would be greatly appreciated. Thanks!1KViews0likes5Comments