Our environment has Azure AD P2 license.
I created a test user, but did not explicitly assign that user an Azure AD P2 license. I created a Conditional Access policy for that user only, and set MFA as required.
I was able to use the MFA feature for that user just fine. Security Defaults are off, only the above mentioned Conditional Access policy has been configured.
In the documentation about SSPR it says that SSPR is licensed per-user. I turned on SSPR for all users, and was able to use SSPR for the test user mentioned above, again without explicitly assigning an Azure AD P2 license to that user.
Does this mean that Azure AD licenses are not enforced, but rather you need to assign licenses to users (for particular features) to stay compliant?
Or does it mean that once Azure AD P2 license is enabled on Azure AD, all features of P2 automatically becomes available for all users, and there is no need to explicitly assign licenses to users?