Multi-Factor Authentication with Conditional Access and Licensing

HaileSelassie 21 Reputation points
2019-12-05T11:55:03.92+00:00

I am testing Multi-Factor Authentication with Conditional Access for Exchange Online. According to the following site I understand that, at a minimum, an "Azure Active Directory PREMIUM P1" license is required for each user included in the conditional access policy:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

Now, while all works as desired for a user who has the license assigned, it also works as desired for a user who does not have an "Azure Active Directory PREMIUM P1" license assigned, meaning the user only has the Conditional Access policy assigned.

So my question is: Does anyone know why it also works for a user who does not have an "Azure Active Directory PREMIUM P1" license assigned? Am I wrong to think that an "Azure Active Directory PREMIUM P1" license is required for each user when using Multi-Factor Authentication with Conditional Access?

Thanks for your feedback in advance.


Accepted answer
  1. Vasil Michev 95,096 Reputation points MVP
    2019-12-05T12:11:44.18+00:00

    It works simply because Microsoft does not enforce licensing requirements in code for many of the features available in Azure AD/Office 365. This doesn't mean that it's OK to use them without an appropriate license, as you are in violation of the licensing agreement.

    2 people found this answer helpful.

1 additional answer

  1. chris tailor 1 Reputation point
    2019-12-05T13:25:13.45+00:00

    Please note that you can use MFA as part of the old legacy conditional access baseline policies without any AD P1 or P2 licences, or you can use the new Azure AD security defaults without any AD P1 or P2. But this will then be MFA for all or none.

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-security-defaults
