Comparing Azure Active Directory Licensing – Free vs Basic vs P1 vs P2

Azure Active Directory licensing on Microsoft Azure can be perplexing for many businesses. Microsoft keeps adding license options to its identity services, including options built around specific industry verticals. Examples of these licenses are GCC for governments, F1 for first-line workers, and more. It can be complicated to work out which licensing option suits your business needs.

One of the central elements of contemporary IT infrastructure is identity management. It is up to you to control which users can access which resources on your on-site network and in your cloud systems. Unauthorized accounts must also be prevented from accessing apps and data: such access harms the business and creates compliance risk.

Most businesses that use Microsoft products, regardless of their IT setup, are likely using Azure Active Directory, which helps them manage identity services. You might already be using Azure AD, since it is bundled with Office 365 subscriptions and Azure subscriptions.

Microsoft provides 4 significant Azure Active Directory licenses that businesses can choose from. This article compares these licenses and discusses the importance of Azure Active Directory at the business level, as well as its role within Microsoft's ecosystem. Before looking at these licenses, let's first get an overview of Active Directory.

What is Active Directory?

Source: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain

Active Directory (AD) helps businesses manage the users, groups, and components in their networks. You can assign users to groups and then grant each of these groups access to specific network resources, devices, and apps. This ability to manage access at various levels lets businesses hand out resources to precise subgroups, which is vital from the perspective of resource management as well as compliance and regulation.

Not every Active Directory service is designed identically. For example, Windows Server Active Directory lets businesses deal with internal assets and user integrity across the business network. Azure Active Directory, on the other hand, is designed with cloud services in mind.

Overview of Azure Active Directory:

Source: Integrate a single forest with a single Azure AD tenant

Azure Active Directory (Azure AD) lets you administer identities such as users and groups. It also lets you manage access to devices, apps, and data through the cloud. This means that both access and identity are handled entirely from the cloud, and all your services and cloud apps will use Azure AD.

Note that Azure AD is immediately useful for Microsoft apps, but it can also be used to manage the identity and access controls of your whole organization. Several organizations set up a hybrid AD system using Azure AD together with an additional on-premise AD (usually Windows Active Directory).

Azure AD vs Windows Active Directory:

Azure Active Directory is used to manage identity across Windows, Azure, and web apps. It can be thought of as a service that sits outside the Windows Server Active Directory network. Windows Server Active Directory offers domain services, federation services, lightweight directory services, and more to manage network policy, identity, and servers on business networks. Azure AD, on the other hand, was designed with web apps in mind.

Azure AD matters most when it comes to cloud apps and resources. On-site Active Directory services, such as Windows Server Active Directory, are appropriate for handling identity, SSO, etc., in your own network, but they cannot manage the complexity of cloud apps. Windows Server AD covers your on-premise Active Directory requirements, whereas Azure AD covers your cloud Active Directory requirements.

Both directories are important, and you will probably use both of them to manage access and control for your users and groups. Azure AD is chiefly helpful for organizations that have already moved their apps to the cloud. It is also helpful for organizations that face many user/password problems because their existing Active Directory cannot cope with the migration.

Note that the protocols used by Windows Server AD and Azure AD are different. Windows Server AD uses LDAP, Kerberos, etc., whereas Azure AD uses REST APIs and OAuth 2.0 tokens. This means that apps have to be built to work with Azure AD.

Various Azure Active Directory Licensing:

The following section highlights a few of the Azure Active Directory licensing alternatives. Before moving further, note that Azure AD already comes bundled with Office 365 licenses and Azure licenses. Azure and Office clients can, however, buy the P1 and P2 versions to get the extra benefits.

Now let’s look into the various Azure Active Directory licensing options.

Free (Included in Azure Sub):

  • Up to 500,000 Directory Objects
  • Identity management capabilities and device registration
  • Single Sign-On can be assigned to 10 apps per user
  • Easy provisioning
  • B2B collaboration capabilities (let you add guest users from outside your business)
  • Federated Authentication (ADFS or 3rd party IDP)
  • Self-service password change (for cloud users)
  • Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO)
  • Connect (syncs on-premise AD to Azure AD)
  • Azure AD Join: desktop SSO and administrator BitLocker recovery
  • Multi-Factor Authentication (may vary by subscription)
  • Basic security and usage reports

Basic ($1 per user per month):

  • Unlimited Directory Objects
  • Identity management capabilities and device registration
  • Single Sign-On can be assigned to 10 apps per user
  • Easy provisioning
  • B2B collaboration capabilities (let you add guest users from outside your business)
  • Self-service password reset (for cloud users)
  • Connect (syncs on-premise AD to Azure AD)
  • Basic security reports
  • Group-based access management and provisioning
  • Do It Yourself password reset (for cloud users)
  • Ability to brand logon pages
  • Service Level Agreement (SLA)

Premium P1 ($6 per user per month):

  • Unlimited Directory Objects
  • Identity management capabilities and device registration
  • Single Sign-On can be assigned to unlimited apps per user
  • Easy provisioning
  • B2B collaboration capabilities (let you add guest users from outside your business)
  • Federated Authentication (ADFS or 3rd party IDP)
  • Self-service password reset (cloud users)
  • Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO)
  • Connect (syncs on-premise AD to Azure AD)
  • Azure AD Join: desktop SSO and administrator BitLocker recovery
  • Group-based access management and provisioning
  • Ability to brand logon pages
  • Service Level Agreement (SLA)
  • Application proxy
  • Dynamic groups, group creation, group naming policy, usage guidelines, etc.
  • On-premise writeback for Self-service reset, change and unlock
  • Multi-factor authentication
  • Two-way sync between on-premise and Azure AD
  • Microsoft Identity Manager user CAL
  • Cloud App Discovery
  • Connect Health
  • Automatic password rollover (for group accounts)
  • Conditional Access based on health/location.
  • Password Protection for Windows Server Active Directory (global and custom banned password)
  • Microsoft Cloud App Discovery
  • Ability to grant conditional access based on location, device state, and group
  • Azure AD Join: MDM auto-enrollment and local admin policy customization
  • Integrations with 3rd party identity governance partners
  • SharePoint limited access
  • OneDrive for Business (limited access)
  • Preview integration for 3rd party MFA partners
  • Terms of Use (set up terms of use for specific access)
  • Advanced security and usage reports
  • Cloud App Security Integration

Premium P2 ($9 per user per month):

  • Everything available in P1
  • Identity Protection
  • Privileged Identity Management
  • Access reviews
  • Entitlement Management

Office 365 (Included In Office 365 Subs):

  • Everything available in the Free Tier
  • Multi-factor authentication
  • Unlimited Directory Objects

Free vs. Basic vs. Office 365:

Those who want fundamental Azure AD services should consider one of the 3 tiers, i.e., Free, Basic, and Office 365. Now let's look at the basic differences between them:

Free vs. Office 365:

These two Azure AD environments come as part of your existing license. If you have only an Azure license, go for the Free version. If you have only an Office 365 license, go for the Office 365 option.

The Office 365 option provides 2 benefits over the Free version: unlimited directory objects and multi-factor authentication.

Having multiple layers of authentication is vital in the present-day business environment, and unlimited objects are critical for the majority of businesses. This is most noticeable if you have 20+ employees or use plenty of cloud apps. Usually, you do not need to choose between these two options: either you have an Office 365 license or you don't.

Office 365 vs. Basic:

The 2 key differences between these two versions are as follows:

  • The Basic version gives you access to the application proxy. With the app proxy, your cloud AD and on-site AD are bridged together through a single portal or external URL.
  • The Office 365 version gives you multi-factor authentication.

Except for these 2 points, these two versions are identical in terms of features.

P1 vs P2:

For those who want to upgrade to P1 or P2 to obtain additional features, the Azure AD resources are certainly sufficient. These tiers offer certain vital components that are not found in the 3 versions above, i.e., Basic, Free, and Office 365. These components are beneficial for compliance, security, and identity management.

Common features in P1 and P2:

  • Offer unlimited directory objects
  • Offer single sign-on for an unlimited number of apps and unlimited users of those apps
  • Provide identity management capabilities
  • Provide B2B collaboration capabilities that give guest users access to collaborative features
  • Provide self-service password change capabilities to users
  • Include Connect, which syncs Azure AD and Windows Server AD (or some other on-premise AD)
  • Provide branding capabilities for portals and login pages
  • Provide advanced reports (you can see how users are using apps, locate risks, and troubleshoot)
  • Support multi-factor authentication
  • Support app proxy
  • Support Microsoft Identity Manager user CAL
  • Include group-based access management and provisioning
  • Include Connect Health
  • Cloud App Discovery
  • Provide conditional access depending on user device or location
  • Ability to integrate 3rd party identity governance partners as well as MFA partners
  • Automatic password rollover
  • Offer SharePoint limited access
  • Limited access to OneDrive for Business
  • Terms of Use
  • Service Level Agreement (SLA)
  • Support Cloud App Security integration

Difference between P1 and P2:

Here are the 3 key differences between P1 and P2:

  • P2 comes with Identity Protection, allowing you to manage risk-based conditional access to apps.
  • P2 provides Privileged Identity Management (PIM), which gives you additional control over privileged accounts.
  • P2 provides Access Reviews.

These features are aimed at enterprises. Small businesses may not need any of them.

Difference between Free, M365 Apps vs P1 and P2

| Feature | Free | Office 365 apps | Premium P1 | Premium P2 |
|---|---|---|---|---|
| Core Identity and Access Management | | | | |
| Directory Objects | 500,000 Object Limit | No Object Limit | No Object Limit | No Object Limit |
| Single Sign-On (SSO) (unlimited) | Available | Available | Available | Available |
| Easy provisioning | Available | Available | Available | Available |
| Federated Authentication (ADFS or 3rd party IDP) | Available | Available | Available | Available |
| User and group management (add/update/delete) | Available | Available | Available | Available |
| Device registration | Available | Available | Available | Available |
| Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO) | Available | Available | Available | Available |
| Azure AD Connect sync (extend on-premises directories to Azure AD) | Available | Available | Available | Available |
| Self-Service Password Change for cloud users | Available | Available | Available | Available |
| Azure AD Join: desktop SSO and administrator BitLocker recovery | Available | Available | Available | Available |
| Password Protection (global banned password) | Available | Available | Available | Available |
| Multi-Factor Authentication | Available | Available | Available | Available |
| Basic security and usage reports | Available | Available | Available | Available |
| External Identities: Secure and manage customers and partners. Your first 50,000 monthly active users free. Pay only for what you use. | | | | |
| Identity and Access Management for Office 365 apps | | | | |
| Company branding (customization of login and logout pages, access panel) | Not available | Available | Available | Available |
| Self-service password reset for cloud users | Not available | Available | Available | Available |
| Service Level Agreement (SLA) | Not available | Available | Available | Available |
| Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back) | Not available | Available | Available | Available |
| Premium Features | | | | |
| Password Protection (custom banned password) | Not available | Not available | Available | Available |
| Password Protection for Windows Server Active Directory (global and custom banned password) | Not available | Not available | Available | Available |
| Self-service password reset/change/unlock with on-premises write-back | Not available | Not available | Available | Available |
| Group access management | Not available | Not available | Available | Available |
| Microsoft Cloud App Discovery | Not available | Not available | Available | Available |
| Azure AD Join: MDM auto-enrollment and local admin policy customization | Not available | Not available | Available | Available |
| Azure AD Join: self-service BitLocker recovery, enterprise state roaming | Not available | Not available | Available | Available |
| Advanced security and usage reports | Not available | Not available | Available | Available |
| Hybrid Identities | | | | |
| Application Proxy | Not available | Not available | Available | Available |
| Microsoft Identity Manager user CAL | Not available | Not available | Available | Available |
| Connect Health | Not available | Not available | Available | Available |
| Advanced Group Access Management | | | | |
| Dynamic groups | Not available | Not available | Available | Available |
| Group creation permission delegation | Not available | Not available | Available | Available |
| Group naming policy | Not available | Not available | Available | Available |
| Group expiration | Not available | Not available | Available | Available |
| Usage guidelines | Not available | Not available | Available | Available |
| Default classification | Not available | Not available | Available | Available |
| Conditional Access | | | | |
| Conditional Access based on group, location, and device status | Not available | Not available | Available | Available |
| Azure Information Protection integration | Not available | Not available | Available | Available |
| SharePoint limited access | Not available | Not available | Available | Available |
| Terms of Use (set up terms of use for specific access) | Not available | Not available | Available | Available |
| Multi-Factor Authentication with Conditional Access | Not available | Not available | Available | Available |
| Microsoft Cloud App Security integration | Not available | Not available | Available | Available |
| 3rd party identity governance partners integration | Not available | Not available | Available | Available |
| Identity Protection | | | | |
| Vulnerabilities and risky accounts detection | Not available | Not available | Not available | Available |
| Risk events investigation | Not available | Not available | Not available | Available |
| Risk-based Conditional Access policies | Not available | Not available | Not available | Available |
| Identity Governance | | | | |
| Privileged Identity Management (PIM) | Not available | Not available | Not available | Available |
| Access Reviews | Not available | Not available | Not available | Available |
| Entitlement Management | Not available | Not available | Not available | Available |
| Price | Free | M365 E1, E3, E5, F3 | $6 user/month | $9 user/month |

** Always check original source for the latest information

Azure AD Q&A:

1. Is Azure AD available for governments?

Yes, both GCC High and Azure Government support Azure AD.

2. Is Azure AD available for educational institutions?

Yes, Azure AD Free is bundled into education licensing for Office 365.

3. Are there any special Azure AD features available to users who have a Windows 10 license?

Yes, Azure AD can be used with Windows 10 licenses. It also provides special features like joining a device to Azure AD, administrator BitLocker recovery, and Windows Hello for Azure AD.

P1 and P2 versions come with Azure AD join, MDM self-enrollment, and Enterprise State Roaming.

Final Thoughts:

When it comes to Active Directory, each business has unique requirements. The options discussed above are the 4 key Azure Active Directory licensing options provided by Microsoft. These options provide the required features for companies of all sizes and shapes.
