question

HaileSelassie avatar image
0 Votes"
HaileSelassie asked ·

Multi-Factor Authentication with Conditional Access and Licensing

I am testing Multi-Factor Authentication with Conditional Access for Exchange online. According to the following site I understand that, at a minimum, an "Azure Active Directory PREMIUM P1" license is required for each user included in the conditional access policy:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

Now, while all works as desired for a user which has the license assigned, it also works as desired for a user which does not have an "Azure Active Directory PREMIUM P1" license assigned, meaning has only assigned the Conditional Access Policy

So my question is: Does anyone know why it also works for a user which does not have an "Azure Active Directory PREMIUM P1" license assigned? Do i take it wrong to think that an "Azure Active Directory PREMIUM P1" license is required for each user when using Multi-Factor Authentication with Conditional Access?

Thanks for your feedback in advance.

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

michev avatar image
2 Votes"
michev answered ·

It works simply because Microsoft does not enforce licensing requirements in code for many of the features available in Azure AD/Office 365. This doesn't mean that it's OK to use them without an appropriate license, as you are in violation of the licensing agreement.

· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your feedback michev, appreciated

0 Votes 0 · ·
christailor-7130 avatar image
0 Votes"
christailor-7130 answered ·

Please note that you can use MFA as part of the old legacy conditional access baseline policies without any AD P1 or P2 licences or you can use new new Azure AD security defaults without any AD P1 or P2. But this will then be MFA for all or non.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-security-defaults

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.