Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

MDCA (Defender for cloud apps) and Risk Based Conditional Access

Brass Contributor

When you purchase E5, MDCA and Azure AD P2 become available. However, we have to limit the benefits for the number of users we license. Our AAD is much larger than the knowledge workers we are going to license with E5.  


If E5 (or AAD P2) is enabled, risk-based conditional access becomes available. As far as I oversee, this is related to two additional "parameters/options" within conditional access to filter/act on. 

How does this particular capability relate to assessment/judgments within MDCA (some use-cases, may be those where sign-in risks are assessed)? This is important as I understand if Risk Based Conditional Access should be used, every user in the tenant must be licensed for AAD P2 because; For risk-based conditional access policies in Identity Protection, Azure AD Premium P2 is needed for every user in the tenant, as risk calculation is performed for all users in the tenant.


Of course, this does not require every user to have an E5 license, but still, a lot of E3 and F1 licenses need upgraded with AAD P2 as well. 

0 Replies