If you're using a cloud platform for your software services, you may be exposed to security threats, both from internal employees and from external attacks.
You'd ideally want to provide different professional accounts to all your employees while assigning different levels of access and permissions for all of them.
It'd also be great if you could see all these accounts in one place - so you'd have a single database that stores all the information about the users linked to the parent account.
Fortunately for Azure users, Microsoft's Azure Active Directory helps you do exactly that.
And if these basic levels of security don't work for you, Microsoft also offers Azure AD Premium, which has a broad range of extra features that enhance security and help you monitor and manage multiple users and devices.
What is Azure AD Premium P1 or P2?
Azure Active Directory is a cloud-based platform that helps you easily manage both on-premise and remote users.
Here's a summary of what it does:
- Helps employees sign into and access resources on your databases
- Supports the IT team with managing different users and groups within the organization network
- Enables administrators to control team members' access to network resources, apps and devices
Azure AD Premium P1 vs. P2
Azure Active Directory Premium is available in two plans: Azure Active Directory Premium 1 (P1) and Azure Active Directory Premium 2 (P2).
- Azure AD Premium P1 provides features such as identity management, access management, administration of dynamic groups, and Microsoft Identity Manager.
- Azure AD Premium P2 includes all of the features of Azure AD Premium P1 - plus a few more useful capabilities, such as Identity Protection and Privileged Identity Management (PIM).
You can use Azure Active Directory for managing:
- External resources like Microsoft 365, Azure portal, and hundreds of third-party SaaS applications
- Internal resources such as your own corporate network and proprietary applications
While Azure Active Directory can help you organize and secure how your employees access your organization's resources, if you want to utilize the full extent of benefits offered by an Active Directory, you should consider Azure AD Premium.
The premium editions include additional security and management features.
The Value of Azure Active Directory
First, let's consider a scenario where the Azure Active Directory doesn't exist.
Your IT team provides each employee with a set of usernames and passwords to access different services (since every account has a specific set of permissions and access levels).
What kind of problems would that create?
- Employees would have trouble trying to remember and keep track of usernames and passwords for all the accounts they need to use
- The IT team would have trouble trying to keep track of the multiple user accounts and permissions given to each employee
This leads to confusion, error, and considerable risk since you and your employees have no way to manage or monitor the different accounts assigned to each user.
So, how does Azure AD help you streamline these tasks?
Let's imagine you have introduced Azure Active Directory into your organization's network. Through this service, you can:
- Provide just one username and password to each employee
- Assign multiple permissions to each employee's account based on which resources and services they need to use
- Control permissions given to each user based on when they need them, and revoke permission when they don't.
And you also have a single platform where you can store and track all this information!
Azure AD Premium P1 Features
Azure AD Premium P1 offers useful capabilities that are not included in the free version of AAD.
This table covers the key differences:
| Azure Active Directory (Free) | Azure Active Directory Premium 1 (P1) |
|---|---|
| Limited to 5000 Directory objects | Unlimited Directory objects |
| Single Sign-On can be assigned to 10 apps per user | Single Sign-On can be assigned to unlimited apps per user |
| Basic security reports | Advanced security reports |
| - | Dynamic groups, group creation, group naming policy, usage guidelines, etc. |
| - | Self-service application assignment to enable users to self-discover and request access to applications; this enables cloud app discovery |
| - | Ability to grant conditional access based on location, device state, and group |
| - | Microsoft Identity Manager |
AAD P1 could really help you make your identity and access management easier, faster and more secure. If you think your organization would benefit from the core offerings of AAD P1, you can reach out to Amaxra's experts to discuss whether it is the right fit.
Azure AD Premium P2 Features
Azure AD Premium 2 offers four additional features that aren't accessible in the P1 or free version. These are:
- Identity protection
- Privileged Identity Management (PIM)
- Access reviews
- Entitlement management
Let's take a closer look at what those features mean and why they're valuable.
1. Identity Protection
Identity-based risks include any suspicious actions related to user accounts in the network and can be detected at the user activity and sign-in level.
Identity Protection allows organizations to detect, remediate, investigate, and document such risks.
Azure AD Premium 2 automates the detection and remediation of these risks.
This means that as soon as a risk is detected, it will trigger actions such as:
- Requiring users to perform Multi-Factor Authentication
- Requiring users to reset their password
- Blocking the user until the event can be reviewed by an administrator
Identity Protection also generates comprehensive reports for risky activities.
This provides you with an instant glimpse of key information such as:
- Risk type
- Similar risks detected simultaneously
- Sign-in attempt location
You can use these reports to take any necessary security actions within your organization or even share with solution partners for further analysis.
2. Privileged Identity Management (PIM)
Privileged Identity Management is a useful tool for managing access to the most important resources in your organization.
This allows you to limit the number of users that have access to your resources, which reduces the chance of malicious attacks or security threats due to errors by employees.
When managing sensitive company information and resources, it's important to restrict employees from getting excessive or unnecessary permissions.
This is exactly what PIM helps you achieve by allowing you to:
- Provide just-in-time privileged access to Azure AD and Azure resources
- Assign access to resources only when required by using start and end dates
- Activate privileged roles only when approved by the administrator
- Enforce multi-factor authentication
- Ask users for justification to understand why they activate certain roles
- Get notified when privileged roles are activated
- Download audit history
Basically, PIM ensures that privileged resources are well-protected and can only be accessed by the users you want, only for as long as you want.
3. Access Reviews
It's important that users have access to the resources they need to be productive.
But it's also important to ensure that they don't have excessive access or continued access even when they've left the organization.
Azure AD Premium 2 provides access reviews to help organizations manage and monitor users' access regularly.
It works by controlling group memberships, access to enterprise applications, and role assignments.
You can also set up recurring access reviews of certain users at certain periods of time, create reviews on certain user groups, and review policy oversight events.
4. Entitlement Management
Employees need access to different groups, applications, and sites, and these requirements can keep changing constantly.
Managing access while keeping your data secure can become challenging, especially when collaborating with external organizations.
Azure AD entitlement management helps you efficiently manage access to groups, applications, and sites for internal and external users.
Some of the ways in which it allows you to do that are:
- Control access to applications, groups, and sites with multi-stage approval
- Time-limited assignments and recurring access reviews
- Allow non-administrators the ability to create access packages that contain resources that users can request
- Allow access package managers to create policies for access such as which users can request, who needs to approve their access, and when the access expires.
- Assign organization partners whose employees can be added in your directory and given time-bound access
Both Azure AD Premium P1 and P2 have some features that would help you significantly enhance your workflow and make things easier for both your employees and administrators.
Now that we've discussed the advanced features of Azure Active Directory Premium P1 and P2, let's compare the two licenses by features and price.
Azure AD Premium P1 vs P2 (Features & Cost):
Trying to decide whether your organization needs Azure AD Premium P1 or P2 can be a tough choice.
We've provided a detailed list of the feature comparison below, but here's a quick summary:
P1 and P2 offer mostly the same features. However, only P2 offers:
- Vulnerability and risky account detection
- Risk event detection
- Risk-based conditional access policies
- Privileged Identity Management
- Access reviews
- Entitlement management
Here's the exhaustive list of features offered by both tools:
| Features | Azure AD Premium P1 | Azure AD Premium P2 |
|---|---|---|
| User and group management | Yes | Yes |
| Azure AD Connect Sync | Yes | Yes |
| Company branding (customization of login & logout pages, access panel) | Yes | Yes |
| Group access management for Office 365 | Yes | Yes |
| Multi-factor authentication for phone & SMS | Yes | Yes |
| Azure AD features for guest users | Yes | Yes |
| Self-Service Password reset | Yes | Yes |
| Microsoft Cloud Apps Discovery | Yes | Yes |
| Azure AD Join: MDM auto enrollment and local admin policy customization | Yes | Yes |
| Azure AD Join: self-service BitLocker recovery, enterprise state roaming | Yes | Yes |
| Advanced security and usage reports | Yes | Yes |
| Group creation permission delegation | Yes | Yes |
| Group naming policy | Yes | Yes |
| Vulnerabilities and risky accounts detection | No | Yes |
| Risk events investigation | No | Yes |
| Risk based conditional access policies | No | Yes |
| Privileged Identity Management | No | Yes |
Now that you know what features are available in both subscriptions, you can weigh the pros and cons of Microsoft Azure AD Premium P1 & P2 against the difference in cost of both plans.
|Azure Active Directory Premium 1||Azure Active Directory Premium 2|
*Pricing accurate as of July 2022
If AAD P1 doesn't seem to fit your needs, you can get all the additional features offered by Azure Active Directory Premium 2 subscription for just an extra $3.00/user/month.
In case you're still unsure whether your organization needs an Azure Active Directory subscription or if you want to try out its features before you decide to purchase it, you can also get a free trial before buying a subscription.
Every organization has a unique set of requirements based on the number of employees, type of work, internal procedures, number of clients, and budget considerations.
Amaxra's consultants can help you decide which plan best suits your needs. We'll also offer consistent support to help you navigate the complex system of Microsoft's products and services.
Having Microsoft experts on your side will ensure you're making the most of your budget.
Azure AD Premium P1 License & Plans
You can combine your Azure AD Premium P1 editions with your existing Azure subscription.
If you don't have an Azure subscription, you'll need to get your Azure licensing plan before you can get an AAD Premium license.
There are multiple ways through which you can get an Azure Active Directory Premium license using your existing Microsoft subscriptions and plans, which include:
- Your existing Azure or Microsoft 365 subscription
- Your Enterprise Mobility + Security licensing plan
- Through a Microsoft Volume Licensing plan
When you activate your AAD Premium license using any of these subscriptions, you can automatically access premium features by logging into your Azure Active Directory.
Once you have Azure AD Premium, you can customize your domain, add your corporate branding, create a tenant, and add groups and users.
Azure AD Premium P1 is included with the following Microsoft 365 services, so if you have these, you already have the features available in P1:
- Microsoft 365 E3
- Microsoft 365 E5
- Microsoft 365 F1
- Microsoft 365 F3
- EMS E3
If you want to sign up for Azure AD Premium using a Microsoft Volume Licensing plan, you can choose any of these programs based on the number of licenses you want to get:
Azure AD Premium P2 License & Plans
While you can buy Azure Active Directory Premium 2 licenses through your Azure or Microsoft 365 subscription or through Microsoft Volume Licensing, some Microsoft services already have AAD P2 features included within the subscription.
P2 is included with the following Microsoft 365 services:
- Microsoft 365 E5
- Microsoft 365 E5 Security
- EMS E5
If you already have - or want to buy - any of these subscriptions, you can directly get access to the features included in P2 through your Azure portal.
If you have any more questions about how to buy an Azure Active Directory Premium license, you can reach out to Amaxra to help you purchase your license.
"What is included in Azure AD Premium P1?"
Azure AD Premium P1 includes:
- Single sign-on for SaaS applications,
- Self-service application assignment,
- Group-based access management,
- Administration of dynamic groups,
- Advanced usage reporting, and
- Microsoft Identity Manager.
"What licenses include Azure AD Premium P1?"
P1 is included with Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 F1, Microsoft 365 F3, and EMS E3.
"What is Azure AD Premium P1 conditional access?"
Conditional access adds another layer of security. With it, employees can only access your applications from trusted and compliant devices. It's a policy-based approach.
"What is Azure AD Premium P1 MFA?"
Multi-factor authentication (MFA) is a process in which a user is prompted for additional forms of identification during a sign-in event - this usually means receiving and approving access via text message or email. This maximizes security because this additional factor isn't easy for an attacker to obtain or duplicate.
Azure Active Directory Premium is an identity and access management platform that helps organizations streamline how employees access corporate resources on the cloud.
It offers multiple features that help secure and manage access, such as multi-factor authentication (MFA), single sign-on for all employees, identity protection, advanced reporting, alerts, and analytics.
Azure AD Premium is available in two plans, P1 and P2. Both offer a robust set of features.
If you need help evaluating Microsoft Azure AD Premium and choosing the right plan between P1 and P2, get in touch with Amaxra's Microsoft experts.