Active Directory (AD) helps businesses manage users, groups, and objects within their networks. So, you can assign users to groups, and assign each of those groups access to specific network resources, apps, and devices. This ability to control access at a variety of levels gives businesses the freedom to distribute resources to specific subgroups, which is critical for both resource management as well as compliance and regulation.
Not all Active Directory services are built the same. While Active Directory services like Windows Server Active Directory help businesses manage in-house assets and user identities throughout the corporate network, Azure Active Directory is built with cloud services in mind.
Different Azure Active Directory Licensing
Let’s take a look at some of Azure Active Directory licensing options. Before we begin, it’s important to note that Azure AD is already bundled into Office 365 licenses AND Azure licenses. However, Office and Azure clients can still purchase P1 and P2 versions for the additional benefits.
So let’s jump into the different Azure Active Directory licensing choices.
Free (Included in Azure Sub)
Identity management capabilities and device registration
Single Sign-On can be assigned to 10 apps per user
B2B collaboration capabilities (allows you to assign guest users that exist outside of your business)
Self-service password change (cloud users)
Connect (syncs on-premise AD to Azure AD)
Basic security reports
Group-based access management and provisioning
Self-service password reset (cloud users)
Ability to brand logon pages
Service Level Agreement
Premium P1 ($6 per user per month)
Unlimited Directory Objects
Identity management capabilities and device registration
Single Sign-On can be assigned to unlimited apps per user
B2B collaboration capabilities (allows you to assign guest users that exist outside of your business)
Self-service password change (cloud users)
Connect (syncs on-premise AD to Azure AD)
Advanced reports
Group-based access management and provisioning
Self-service password reset (cloud users)
Ability to brand logon pages
Service Level Agreement
Application proxy
Dynamic groups, group creation, group naming policy, usage guidelines, etc.
On-premise writeback for Self-service reset, change, and unlock
Two-way sync between on-premise and ADD
Microsoft Azure MFA
Microsoft Identity Manager user CAL
Cloud App Discovery
Connect Health
Conditional Access based on health/location.
Automatic password rollover (for group accounts)
Ability to grant conditional access based on location, device state, and group
Integrations with 3rd party identity governance partners
ToU
Sharepoint limited access
OneDrive for Business (limited access)
Preview integration for 3rd party MFA partners
Cloud App Security Integration
Premium P2 ($9 per user per month)
Everything offered in P1
Identity Protection
Privileged Identity Management
Access reviews
Office 365 (Included In Office 365 Subs)
Everything included in the Free Tier
Unlimited Directory Objects
Multi-factor authentication
What do P1 and P2 Share in Common?
Both of these options:
Provide unlimited directory objects
Give you identity management capabilities
Provide single sign-on for an unlimited amount of apps and unlimited users for those apps
Have B2B collab capabilities — which lets you grant access to guest users for collaborative abilities
Give self-service password change capabilities to users
Have Connect — which syncs Windows Server AD (or other on-premise AD) and Azure AD
Have advanced reports (see how apps are being utilized by users, see where risks exist, and troubleshooting capabilities)
Give you branding capabilities for portals/login pages
Have multi-factor authentication
Have app proxy
Include Group-based access management and provisioning
Have Microsoft Identity Manager user CAL
Come with a Service Level Agreement
Have Cloud App Discovery
Have Connect Health
Give you conditional access based on user location/devices
Have automatic password rollover
Give you the ability to integrate 3rd party identity governance partners and MFA partners
Have Terms of Use
Provide Sharepoint Limited Access
Give you limited access to OneDrive Business
Have CloudApp security integration
What’s the Difference Between P1 and P2
There are three core differences between P1 and P2. Firstly, Azure AD Premium P2 has Identity Protection, which lets you manage conditional access to apps. Secondly, P2 gives you Privileged Identity Management (PIM). That means you with additional management over privileged accounts. Finally, you get Access Reviews.
All of these features are typically reserved for enterprises, and small businesses probably won’t require any of these features.
To learn about Azure DevOps Server Pricing visit, Apps4Rent.