Qlmpnr
Level 1 Contributor

Azure Premium P1 & P2 Licensing Question

I'm having a very hard time finding the answer to what seems like a simple question. I am global admin for ~ 5500 K-12 school district accounts (Our company is the IT Management provider/MS Partner for the district). With security issues and attacks becoming more prevalent, we're interested in utilizing some of the more advanced features of Azure AD security. With the free version we were, until recently, able to look at the Risky Sign-In report showing suspect logins to Azure and O365. That's no longer available, but even when it was, a P1 or P2 license was required to drill down to the actual risk detections.
With 5500 licensed accounts, would I really have to purchase P1 for 5500 * $6 = $33,000 or 5500 * $9 = $49,500 per MONTH in order to do things like block any emails or logins from Nigeria or Azerbaijan, etc. for my users, or viewing the specific risk detections used to flag an account? I was told by a Microsoft Engineer on an O365 support ticket related to this question that all I would need was a license for each account that would ADMINISTER the services - in our case that would be a single licence.

$9/month or $50K/month - Which is it?

JanoschUlmer
Microsoft

Disclaimer: The answer below is based on my understanding of the scenario, it is not an official, binding statement of conformance. For legally binding answers the license terms as defined in the respective contracts should be checked directly.

I will also check again internally with our licensing team.

 

The risky sign-in detection and defining risk policies come with AAD Premium Plan2, and from the description of the scenario it seems to me that really all users where risk policies should be set for auto-remediation of risky sign-ins would need a license. See also this article for info on how the feature is licensed, who needs a license and how to scope the monitoring to only licensed users: https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#azure-active-directory-identity-protection

 

See "How do users benefit from the service?" in the above mentioned link and also the general statement on top of the article "Although some unlicensed users may technically be able to access the service, a license is required for any user that you intend to benefit from the service".

Overall, the question is if you just want to have access to more detailed reports or if you want to configure the risk policies.

 

You mentioned "in order to do things like block any emails or logins from Nigeria or Azerbaijan, etc. for my users" - this is not necessarily an Identity Protection feature that requires P2, blocking logins based on country of origin would be done using conditional access rules, and every user targeted by such a policy would need AzureAD Premium P1.

 

Also, for K-12 school districts there may be discounted licenses available that also cover AAD Premium, like Microsoft 365 Education A3 or A5.

 


Kind regards,
Janosch
Get consultations from Technical Presales & Deployment services team via https://aka.ms/technicalservices
MarkChow
Visitor 1

What happens if I only want to view the security reports for things such as risky sign-ins, etc. Would everyone still need a license or only the administrators viewing the reports?

JanoschUlmer
Microsoft

Well, if you read on how the definition is done on who does benefit: https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#azure-active-directory-identity-protection  

"SecOps analysts and security professionals benefit from having consolidated views of flagged users and risk events based on machine learning algorithms"

you could say that as only the reports are used by the security analysts, only those need to have a license.

 

But then "End users benefit from (...) the improved security provided by acting on vulnerabilities." it gets more complicated - how likely is it that the security will not act on some risk that was identified?

Kind regards,
Janosch
Get consultations from Technical Presales & Deployment services team via https://aka.ms/technicalservices
Andra
Community Manager

Good day, @Qlmpnr ,

 

Thank you very much for sharing your query with the Partner Community!

You can find advice here, so I am adding @JanoschUlmer to this thread, as he might have a quick answer.

 

Have a good day ahead!
Andra