Entra ID Licensing Guide

Microsoft Entra ID (formerly known as Azure Active Directory, or Azure AD) is Microsoft’s cloud-based identity and access management service. It provides essential tools for managing users, groups, and access to resources in your organization, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Entra ID serves as the backbone for secure user authentication, identity protection, and access control in cloud and on-premises environments. Its core capabilities are:

  • User Authentication: Ensures that only authorized users can access your resources by providing secure, multi-factor authentication (MFA) and single sign-on (SSO) capabilities.
  • Conditional Access: Enforces policies to ensure that users only access resources when they meet specific security conditions, like device compliance or location.
  • Identity Protection: Uses advanced machine learning and behavioral analytics to detect and respond to identity risks, including compromised accounts or risky logins.
  • Access Management: Manages access to applications and resources by controlling permissions, creating security groups, and setting up role-based access control (RBAC).
  • B2B and B2C Capabilities: Allows secure collaboration with external users (B2B) and provides a scalable identity management system for customer-facing applications (B2C).
  • Self-Service Capabilities: Provides users with self-service password reset (SSPR) and profile management features to reduce IT workloads.

The Free edition provides basic user and group management, SSO for up to 10 apps, and self-service password change for cloud users. It is ideal for small organizations with minimal identity management needs.

P1 features include:

  • Conditional Access, role-based access control (RBAC), advanced group management (dynamic groups, naming policies, expiration, default classification)
  • Cross-tenant user synchronization, multitenant organizations
  • SharePoint limited access, session lifetime management
  • Global password protection and management (custom banned passwords, users synchronized from on-premises Active Directory)
  • Application launch portal and user application collections in My Apps
  • Self-service: password change, reset, and unlock; sign-in activity search and reporting; group management (My Groups); entitlement management (My Access); app launching (My Apps); delegated password resets and phone number management (My Staff)

Microsoft Entra ID Governance features: automated user provisioning to SaaS apps, automated user provisioning to on-premises apps, automated group provisioning to apps, HR-driven provisioning, and terms-of-use attestation.

Microsoft Entra Verified ID features: Verifiable credentials issuance and verification.

P1 is suitable for SMB customers, usually as part of a Business Premium license plan. Customers using a different collaboration platform, such as Google Workspace, usually use P1 licenses, or Enterprise Mobility and Security E3 if they are interested in Intune MDM as well.

P2 includes everything in P1 plus:

Microsoft Entra ID Governance features:

  • Basic access certifications and reviews
  • Basic entitlement management
  • Privileged identity management

Microsoft Entra ID Protection features:

  • Risk-based conditional access
  • Real-time dynamic sign-in assessment
  • Real-time dynamic user assessment
  • Authentication context (step-up authentication)
  • Device and application filters for conditional access
  • Token protection
  • Vulnerabilities and risky account detection
  • Risk event investigation

Microsoft Entra Suite is a new service plan that requires basic Entra ID P1 licenses. It includes all P1 and P2 features plus:

Additional Governance features:

  • Machine learning-assisted access certifications and reviews
  • Entitlement management custom extensions (Azure Logic Apps)
  • Entitlement management with Microsoft Entra Verified ID
  • Lifecycle workflows and Identity governance dashboard

Additional Verified ID features:

  • High-assurance entitlement management with Entra ID Governance
  • Face Check high-assurance facial matching verification

Microsoft Entra Internet Access:

  • Universal conditional access, traffic logging and policy monitoring
  • Web category filtering, fully qualified domain name filtering

Microsoft Entra Private Access:

  • Identity-centric Zero Trust network access (ZTNA)
  • Conditional access across all private apps and resources
  • Adaptive multifactor authentication, seamless SSO access

Related Microsoft Entra products and add-ons:

  • Microsoft Entra ID Governance — Available for P1 and P2 customers as a stand-alone add-on for securing access and automating approval processes.
  • Microsoft Entra Workload ID — Helps control workload identity access with adaptive policies and reduce risk from lost or stolen credentials.
  • Microsoft Entra Domain Services — Manage domain services in the cloud, join Azure VMs to a managed domain.
  • Microsoft Entra Verified ID — Verify and issue credentials from your organization for any unique identity attributes.
  • Microsoft Entra Permissions Management — Multidimensional view of risks across identities, permissions, and resources across AWS, Azure, and GCP.

When purchasing Microsoft 365, Entra ID is included with various plans:

  • Microsoft 365 Business Plans: Typically include basic Entra ID functionality. Business Premium includes Entra ID P1.
  • Microsoft 365 Enterprise Plans: E3 includes Entra ID Premium P1. E5 or E5 Security includes Entra ID P2.

Microsoft Entra ID is a powerful cloud-based identity management solution designed to secure user access and protect your organization’s resources. With a range of licensing options, it can meet the needs of businesses of all sizes, ensuring a flexible, secure, and scalable solution for managing identities in a hybrid and multi-cloud environment.