Do I need to purchase a license of Azure Active Directory Premium P2 for every O365 account I have, or is it 1 license per Tenant?
You need a license for any person that will directly or indirectly use a feature requiring P2/is under the scope of such feature.
@KevinLister-8629
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
Well, I'm still a little unsure of what I need. I did a Chat with Microsoft Sales yesterday, and they said that only the person setting up the functions that are added by Azure AD P2 needed a license, but Michev above is saying that all of my users would need a license for the functionality to work. So I'm still confused about how many licenses I need to buy.
I currently have 65 licenses of Office 365 E3, but only 1 of those licenses has Administrator privileges.
"Need" here does mean a technical necessity for the feature to work, you can very well configure things with a single P2 license assigned to your admin user, as Microsoft doesn't enforce licensing requirements in code (mostly). Which doesn't mean that things are going to be "OK" from a licensing perspective.
@KevinLister-8629
Thank you for the quick follow up on this! When it comes to what @michev mentioned within the answer and comment, it's correct. For more info.
The Azure Active Directory Premium P2 license is licensed per-user, for example, if you were to have your entire Azure AD tenant utilize Privileged Identity Management (PIM), the license(s) must be assigned to the administrators and relevant users who intend to use PIM.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
So the main use for us will be conditional access policies for use with Multi Factor Authentication. (Basically not requiring MFA while connected to the company LAN). So based on your response above, I am assuming each O365 license will need a corresponding P2 license as well.
CA policies require Azure AD P1, not P2. And yes, they require it for any user under the scope of a policy.
Does “under the scope of the policy” include excluding users from all the Conditional Access policies explicitly? That seems to be the only avenue to ensure that unlicensed accounts don’t use them?
I know this is an old post but hoping to get a response