question

KevinLister-8629 avatar image
1 Vote"
KevinLister-8629 asked JasonNewman-0760 commented

Is Azure Active Directory Premium P2 required for every e-mail address or 1 per tenant?

Do I need to purchase a license of Azure Active Directory Premium P2 for every 0365 account I have, or is it 1 license per Tenant?

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

michev avatar image
0 Votes"
michev answered michev commented

You need a license for any person that will directly or indirectly use a feature requiring P2/is under the scope of such feature.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KevinLister-8629
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

0 Votes 0 ·

Well, I'm still a little unsure of what I need. I did a Chat with Microsoft Sales yesterday, and they said that only the person setting up the functions that are added by Azure AD P2 needed a license, but Michev above is saying that all of my users would need a license for the functionality to work. So I'm still confused about how many licenses I need to buy.

I currently have 65 licenses of Office 365 E3, but only 1 of those licenses has Administrator privilege's.

0 Votes 0 ·

"Need" here does mean a technical necessity for the feature to work, you can very well configure things with a single P2 license assigned to your admin user, as Microsoft doesnt enforce licensing requirements in code (mostly). Which doesn't mean that things are going to be "OK" from licensing perspective.

1 Vote 1 ·
JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered JasonNewman-0760 commented

@KevinLister-8629
Thank you for the quick follow up on this! When it comes to what @michev mentioned within the answer and comment, it's correct. For more info.


The Azure Active Directory Premium P2 license is licensed per-user, for example, if you were to have your entire Azure AD tenant utilize Privileged Identity Management (PIM), the license(s) must be assigned to the administrators and relevant users who intend to use PIM.

124796-image.png

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (40.2 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So the main use for us will be conditional access policies for use with Multi Factor Authentication. (Basically not requiring MFA while connected to the company LAN). So Based on your response above, I am assuming each O365 license will need a corresponding P2 license as well.

0 Votes 0 ·

CA policies require Azure AD P1, not P2. And yes, they require it for any user under the scope of a policy.

1 Vote 1 ·

Does “under the scope of the policy” include Excluding users from all the Conditional Access policies explicitly? That seems to be the only avenue to insure that unlicensed accounts don’t use them?

I know this is an old post but hoping to get a response

0 Votes 0 ·