In this article, we are going to discuss Azure Active Directory Premium Features. Before discussing the features, let’s have a brief overview of what Azure Active Directory is, the available licenses, their types, and their cost.
Azure Active Directory Premium Features
What is Azure Active Directory?
- Azure Active Directory (Azure AD) is the Identity and Access Management (IAM) service provided in the Azure cloud. The Azure cloud contains various resources and services, such as Virtual Machines (VMs), Virtual Networks (VNETs), Security Groups (SGs), etc.
- To get access to Azure-based resources or services, a user needs to sign in to the Azure portal, and this is where Azure AD comes into the picture: it handles the user’s authentication.
Who can use Azure AD?
- Azure AD can be used by a company’s employees, partners, and third-party vendors, provided the company hosting the Azure cloud has given them the proper authentication through Azure Active Directory.
What is an Azure AD license?
An Azure AD license is a “paid capability” (beyond the free tier) that a user must purchase in order to use the higher-end features of Azure Active Directory, such as enhanced security, monitoring, and secure access for users, to name a few.
What is Azure AD Premium?
As discussed above, Azure AD Premium is a “type” of license that a user must purchase in order to use the specialized features of Azure Active Directory.
What are the flavors of Azure AD Premium?
Azure AD Premium comes in two flavors: Azure AD Premium P1 and Azure AD Premium P2.
What features are in Azure AD Premium P1?
The following are some of the features that are available in Azure AD Premium P1:
- Self-service password change
- Self-service password reset
- Self-service password unlock
- Group access management
- Multi-Factor Authentication (MFA) using SMS, Phone call, or Mobile App
- Conditional access based on location, group, etc.
- MFA with conditional access
What is Group Access Management?
This enables users to create their own Azure AD groups (such as developers, administrators, etc.). Ownership of a group can be delegated to another user, and users can request access to other groups (for example, a person from a developer group can request access to an administrator group).
What is the cost of using Azure AD Premium P1?
The cost is $6.00 per user per month.
What features are in Azure AD Premium P2?
The following are some of the features that are available in Azure AD Premium P2, in addition to the Azure AD Premium P1 features stated above:
- Privileged Identity Management (PIM)
- Entitlement Management
- Access Reviews
- Risk-based conditional access policies
- Identity Protection using the risky sign-ins, risk detection, and risky users features
What is Entitlement Management?
With Entitlement Management, we can manage internal users’ access to groups in Azure AD, Azure resources, or apps hosted on the Azure platform. This also applies to external users who use the Azure resources.
What are Access Reviews?
In Access Reviews, as the name implies, a user’s access is reviewed on an ongoing basis so that only the applicable access to the applicable resources continues throughout (the concept of “least privilege” is applied here). With this, we can also manage role assignments, group memberships, or even access to the applications hosted on the Azure platform.
What is Privileged Identity Management?
Using Privileged Identity Management (PIM), we can control access to the important Azure resources in an organization. This covers monitoring a particular Azure resource and managing a particular Azure resource based on the user’s privileges. (Remember that PIM requires a Premium P2 license and therefore has a cost attached to it.)
What is the cost of using Azure AD Premium P2?
The cost is $9.00 per user per month.
The following are the reference links for the complete set of features based on the license that the user has opted for in their Azure Active Directory.
Reference:
https://docs.microsoft.com/en-in/azure/active-directory/
https://docs.microsoft.com/en-in/azure/active-directory/authentication/concept-mfa-licensing#available-versions-of-azure-ad-multi-factor-authentication
The below image shows the main difference between using the Azure Active Directory Premium P1 and P2 licenses.
The below table shows the complete list of features that are available in the Azure Active Directory Premium P1 and P2 licenses.
Azure AD Premium P1 vs P2 Feature Comparison
Feature | Azure AD Premium P1 | Azure AD Premium P2 |
Protect Azure AD tenant admin accounts with MFA | ● | ● |
Mobile app as a second factor | ● | ● |
Phone calls as a second factor | ● | ● |
SMS as a second factor | ● | ● |
Admin control over verification methods | ● | ● |
Fraud alert | ● | ● |
MFA Reports | ● | ● |
Custom greetings for phone calls | ● | ● |
Custom caller ID for phone calls | ● | ● |
Trusted IPs | ● | ● |
Remember MFA for trusted devices | ● | ● |
MFA for on-premises applications | ● | ● |
Conditional access | ● | ● |
Risk-based conditional access | | ● |
Identity Protection (Risky sign-ins, risky users) | | ● |
Access Reviews | | ● |
Entitlements Management | | ● |
Privileged Identity Management (PIM), just-in-time access | | ● |
Feature | Azure AD Premium P1 or P2 |
Cloud-only user password change | ● |
When a user in Azure AD knows their password and wants to change it to something new. | |
Cloud-only user password reset | ● |
When a user in Azure AD has forgotten their password and needs to reset it. | |
A hybrid user password change or reset with on-prem writeback | ● |
When a user in Azure AD that’s synchronized from an on-premises directory using Azure AD Connect wants to change or reset their password and also write the new password back to on-prem. | |
The following table gives the pricing details for the Azure AD Premium P1 and P2 licenses.
Azure AD Premium P1 vs P2 Price Comparison
Purchase Method | Azure Premium P1 | Azure Premium P2 |
Microsoft Representative | Included with Microsoft 365 | Included with Microsoft 365 |
Online | $6 user/month* | $9 user/month* |
FAQs
#1. Which feature is provided only with Microsoft Azure Active Directory Premium?
The following features are provided only with Microsoft Azure Active Directory Premium:
- Entitlement Management
- Access Reviews
- Privileged Identity Management
- Custom caller ID for phone calls
- MFA reports
- Risk-based conditional access
#2. What is included in Azure Active Directory Premium P1?
Here are some of the important features that are included in Azure AD Premium P1:
- Fraud Alert
- Trusted IPs
- Conditional Access
- MFA for applications that are running on-premises
#3. What are the features provided by Azure Active Directory?
Here are some of the important features provided by Azure Active Directory:
- Second-factor authentication using SMS, Phone call, and Mobile App
- Trusted IPs
- Conditional Access
- MFA for applications that are running on-premises
#4. What is Azure AD premium P1 or P2?
Azure AD Premium P1 is a licensing tier that applies to Azure Active Directory. With this license, the user gets some additional features when using Azure Active Directory (vis-à-vis the Azure AD Free tier). Some features of the Azure AD Premium P1 license are shown in the feature comparison table in this article above.
Azure AD Premium P2 is likewise a licensing tier that applies to Azure Active Directory. It combines the features of the P1 license with some extra features (like risk-based conditional access), as noted in the screenshots above.
We hope this article on Azure Active Directory Premium Features was useful.