cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PIM License requirement

Dipronildey
Copper Contributor

‎Oct 10 2023 02:42 AM

‎Oct 10 2023 02:42 AM

PIM License requirement

Hello Team,

I have a doubt regarding Azure AD PIM Licensing. According to the documentation: 

"Licenses you must have
Ensure that your directory has at least as many Azure AD Premium P2 licenses as you have employees that will be performing the following tasks:

Users assigned as eligible to Azure AD or Azure roles managed using PIM
Users who are assigned as eligible members or owners of privileged access groups
Users able to approve or reject activation requests in PIM
Users assigned to an access review

Users who perform access reviews "

 

In my tenant, The Azure AD P2 (Microsoft Entra ID P2) license is assigned at the tenant level.

Dipronildey_0-1696930559978.png

 

Now my question is - 

1. I have 30 users that will be added to some privileged role and will be managed via PIM. In My tenant I have 40 E5 licenses. Do 30 Azure AD E5(P2 will get automatically provisioned) licenses need to be assigned to these individual 30 users who will be in scope of PIM? or no need to assign as the tenant has already Azure AD P2 license activated at tenant level.

 

2. If I do not assign the license to the users individually, will I breach any compliance policy from Microsoft?

 

Please help me here.

3,639 Views
0 Likes
3 Replies
Reply
3 Replies
eliekarkafy

‎Oct 10 2023 02:56 AM - edited ‎Oct 10 2023 02:57 AM

‎Oct 10 2023 02:56 AM - edited ‎Oct 10 2023 02:57 AM

Re: PIM License requirement

@Dipronildey to use PIM you need the ENTRA P2 license for each user. for if you have 30 users that needs PIM , then you need 30 ENTRA P2 licenses. if those users already licensed with E5 than that enough as P2 is included in the E5 plan . you can buy also the ENTRA P2 license as standalone.  

0 Likes
Reply
Dipronildey

‎Oct 11 2023 10:35 PM

‎Oct 11 2023 10:35 PM

Re: PIM License requirement

Hello @eliekarkafy 

 

Thank you for your reply. I checked, the PIM feature is working though even not assigning any P2 license to the users. Why is that? and If I do not assign any license to the users, am I violating any compliance policy from Microsoft?

0 Likes
Reply
juliansperling

‎Oct 12 2023 02:03 AM

‎Oct 12 2023 02:03 AM

Re: PIM License requirement

Microsoft historically does not closely value correct Assignments, the Volume of Licenses available in the Tenant has to fit the Usage. Directly Assigning the Licenses simplifies tracking / auditing by a lot though.

Back to your original Question, Especially in PIM the License does not necessarily have to be assigned to the User since these Features are usually used by separate Admin Accounts - as far as i know, Microsoft does not License Accounts in an Organisation but People, so if a person has an E5 License his separate Admin Account does not need an Additional P2 License.

Side Track why it works without assigning the License: There are a lot of Features that are Available to all Users once one License is available in the Tenant - This stems from the Technical side in Microsoft not being able to keep up with what the License guys are coming up with on a monthly basis. This is usually especially Problematic with Trial Licenses, since even when the Trial expires the Features you are no longer entitled to often remain available ;)
0 Likes
Reply