If you're using a cloud platform for your software services, you may be exposed to security threats, both from internal employees and from external attacks.
You'd ideally want to provide different professional accounts to all your employees while assigning different levels of access and permissions for all of them.
It'd also be great if you could see all these accounts in one place - so you'd have a single database that stores all the information about the users linked to the parent account.
Fortunately for Azure users, Microsoft's Azure Active Directory helps you do exactly that.
And if these basic levels of security don't work for you, Microsoft also offers Azure AD Premium, which has a broad range of extra features that enhance security and help you monitor and manage multiple users and devices.
Azure Active Directory is a cloud-based platform that helps you easily manage both on-premises and remote users.
Here's a summary of what it does:
Azure Active Directory is available in two plans: Azure Active Directory Premium 1 (P1) and Azure Active Directory Premium 2 (P2).
Put simply:
You can use Azure Active Directory for managing:
While Azure Active Directory can help you organize and secure how your employees access your organization's resources, if you want to utilize the full extent of benefits offered by an Active Directory, you should consider Azure AD Premium.
The premium editions include additional security and management features.
First, let's consider a scenario where Azure Active Directory doesn't exist.
Your IT team provides each employee with a set of usernames and passwords to access different services (since every account has a specific set of permissions and access levels).
What kind of problems would that create?
This leads to confusion, error, and considerable risk since you and your employees have no way to manage or monitor the different accounts assigned to each user.
So, how does Azure AD help you streamline these tasks?
Let's imagine you have introduced Azure Active Directory into your organization's network. Through this service, you can:
And you also have a single platform where you can store and track all this information!
Azure AD Premium P1 offers useful capabilities that are not included in the free version of AAD.
This table covers the key differences:
Azure Active Directory (Free) | Azure Active Directory Premium 1 (P1) |
Limited to 5000 Directory objects | Unlimited Directory objects |
Single Sign-On can be assigned to 10 apps per user | Single Sign-On can be assigned to unlimited apps per user |
Basic security reports | Advanced security reports |
- | Dynamic groups, group creation, group naming policy, usage guidelines, etc. |
- | Self-service application assignment to enable users to self-discover and request access to applications; this enables cloud app discovery |
- | Ability to grant conditional access based on location, device state, and group |
- | Multi-factor authentication |
- | Microsoft Identity Manager |
AAD P1 could really help you make your identity and access management easier, faster and more secure. If you think your organization would benefit from the core offerings of AAD P1, you can reach out to Amaxra's experts to discuss whether it is the right fit.
Azure AD Premium 2 offers four additional features that aren't accessible in the P1 or free version. These are:
Let's take a closer look at what those features mean and why they're valuable.
Identity-based risks include any suspicious actions related to user accounts in the network and can be detected at the user activity and sign-in level.
Identity Protection allows organizations to detect, remediate, investigate, and document such risks.
Azure AD Premium 2 automates the detection and remediation of these risks.
This means that as soon as a risk is detected, it will trigger actions such as:
Identity Protection also generates comprehensive reports for risky activities.
This provides you with an instant glimpse of key information such as:
You can use these reports to take any necessary security actions within your organization or even share with solution partners for further analysis.
Privileged Identity Management is a useful tool for managing access to the most important resources in your organization.
This allows you to limit the number of users that have access to your resources, which reduces the chance of malicious attacks or security threats due to errors by employees.
When managing sensitive company information and resources, it's important to restrict employees from getting excessive or unnecessary permissions.
This is exactly what PIM helps you achieve by allowing you to:
Basically, PIM ensures that privileged resources are well-protected and can only be accessed by the users you want, only for as long as you want.
It's important that users have access to the resources they need to be productive.
But it's also important to ensure that they don't have excessive access or continued access even when they've left the organization.
Azure AD Premium 2 provides access reviews to help organizations manage and monitor users' access regularly.
It works by controlling group memberships, access to enterprise applications, and role assignments.
You can also set up recurring access reviews of certain users at certain periods of time, create reviews on certain user groups, and review policy oversight events.
Employees need access to different groups, applications, and sites, and these requirements can keep changing constantly.
Managing access while keeping your data secure can become challenging, especially when collaborating with external organizations.
Azure AD entitlement management helps you efficiently manage access to groups, applications, and sites for internal and external users.
Some of the ways in which it allows you to do that are:
Both Azure AD Premium P1 and P2 have some features that would help you significantly enhance your workflow and make things easier for both your employees and administrators.
Now that we've discussed the advanced features of Azure Active Directory Premium P1 and P2, let's compare the two licenses by features and price.
Trying to decide whether your organization needs Azure AD Premium P1 or P2 can be a tough choice.
We've provided a detailed list of the feature comparison below, but here's a quick summary:
P1 and P2 offer mostly the same features.
However, only P2 offers:
Here's the exhaustive list of features offered by both tools:
Features | Azure AD Premium P1 | Azure AD Premium P2 |
User and group management | Yes | Yes |
User provisioning | Yes | Yes |
Device registration | Yes | Yes |
Azure AD Connect Sync | Yes | Yes |
Company branding (customization of login & logout pages, access panel) | Yes | Yes |
Group access management for Office 365 | Yes | Yes |
Multi-factor authentication for phone & SMS | Yes | Yes |
Password Protection | Yes | Yes |
Azure AD features for guest users | Yes | Yes |
Self-Service Password reset | Yes | Yes |
Microsoft Cloud Apps Discovery | Yes | Yes |
Azure AD Join: MDM auto enrollment and local admin policy customization | Yes | Yes |
Azure AD Join: self-service BitLocker recovery, enterprise state roaming | Yes | Yes |
Advanced security and usage reports | Yes | Yes |
Dynamic Groups | Yes | Yes |
Group creation permission delegation | Yes | Yes |
Group naming policy | Yes | Yes |
Group expiration | Yes | Yes |
Usage guidelines | Yes | Yes |
Default classification | Yes | Yes |
Vulnerabilities and risky accounts detection | No | Yes |
Risk events investigation | No | Yes |
Risk based conditional access policies | No | Yes |
Privileged Identity Management | No | Yes |
Access reviews | No | Yes |
Entitlement management | No | Yes |
Now that you know what features are available in both subscriptions, you can weigh the pros and cons of Microsoft Azure AD Premium P1 & P2 against the difference in cost of both plans.
Azure Active Directory Premium 1 | Azure Active Directory Premium 2 |
$6.00/user/month | $9.00/user/month |
*Pricing accurate as of July 2022
If AAD P1 doesn't seem to fit your needs, you can get all the additional features offered by Azure Active Directory Premium 2 subscription for just an extra $3.00/user/month.
In case you're still unsure whether your organization needs an Azure Active Directory subscription or if you want to try out its features before you decide to purchase it, you can also get a free trial before buying a subscription.
Every organization has a unique set of requirements based on the number of employees, type of work, internal procedures, number of clients, and budget considerations.
Amaxra's consultants can help you decide which plan best suits your needs. We'll also offer consistent support to help you navigate the complex system of Microsoft's products and services.
Having Microsoft experts on your side will ensure you're making the most of your budget.
You can combine your Azure AD Premium P1 editions with your existing Azure subscription.
If you don't have an Azure subscription, you'll need to get your Azure licensing plan before you can get an AAD Premium license.
There are multiple ways through which you can get an Azure Active Directory Premium license using your existing Microsoft subscriptions and plans, which include:
When you activate your AAD Premium license using any of these subscriptions, you can automatically access premium features by logging into your Azure Active Directory.
Once you have Azure AD Premium, you can customize your domain, add your corporate branding, create a tenant, and add groups and users.
Azure AD Premium P1 is included with the following Microsoft 365 services, so if you have these, you already have the features available in P1:
If you want to sign up for Azure AD Premium using a Microsoft Volume Licensing plan, you can choose any of these programs based on the number of licenses you want to get:
As an Azure or Microsoft 365 subscriber, you can purchase the Azure Active Directory Premium editions online or through a certified Microsoft Partner such as Amaxra.
While you can buy Azure Active Directory Premium 2 licenses through your Azure or Microsoft 365 subscription or through Microsoft Volume Licensing, some Microsoft services already have AAD P2 features included within the subscription.
P2 is included with the following Microsoft 365 services:
If you already have - or want to buy - any of these subscriptions, you can directly get access to the features included in P2 through your Azure portal.
If you have any more questions about how to buy an Azure Active Directory Premium license, you can reach out to Amaxra to help you purchase your license.
Azure AD Premium P1 includes:
P1 is included with Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 F1, Microsoft 365 F3, and EMS E3.
Conditional access adds another layer of security. With it, employees can only access your applications from trusted and compliant devices. It's a policy-based approach.
Multi-factor authentication (MFA) is a process in which a user is prompted for additional forms of identification during a sign-in event - this usually means receiving and approving access via text message or email. This maximizes security because this additional factor isn't easy for an attacker to obtain or duplicate.
Azure Active Directory Premium is an identity and access management platform that helps organizations streamline how employees access corporate resources on the cloud.
It offers multiple features that help secure and manage access, such as multi-factor authentication (MFA), single sign-on for all employees, identity protection, advanced reporting, alerts, and analytics.
Azure AD Premium is available in two plans, P1 and P2. Both offer a robust set of features.
If you need help evaluating Microsoft Azure AD Premium and choosing the right plan between P1 and P2, get in touch with Amaxra's Microsoft experts.