Azure Active Directory Premium P2: A comprehensive cloud Identity and access management solution with advanced identity protection for all your users and administrators
|Azure Active Directory Premium P2|
Accounts and security
Security comes standard in all Microsoft products. Use these resources to get secure today and protect against future threats.
| Azure Active Directory
Azure Active Directory is a comprehensive, highly available identity and access management cloud solution that combines core directory services, advanced identity governance, and application access management. Azure Active Directory also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
| Directory objects
Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.
|No object limit|
|User/Group Management (add/update/delete)/ User-based provisioning, Device registration||✓|
|Single Sign-On (SSO)||Pre-integrated SaaS and developer-integrated apps, application proxy apps, self-service app integration templates. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time. All Office 365 apps are counted as one app.|
| B2B Collaboration
Azure AD allows for B2B collaboration by extending a select set of Azure AD features to guest users. A guest user is someone outside of your organization who is invited into your Azure AD tenant. Guest users are not employees, contractors, or onsite agents for you or your affiliates. While some features are free, for any paid Azure AD features, guest users must be licensed as follows: with each Azure AD edition license that you own for an employee or a non-guest user in your tenant, you will also be able to invite up to five guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase. There is no charge for inviting a guest user and assigning them to an application in Azure AD, for up to ten apps per guest user. Other features of the Azure AD 'Free' edition, such as three basic reports, are also free for guest users. For paid Azure AD features that are extended to guest users, the inviting tenant will need the appropriate number of Basic, Premium P1 or Premium P2 licenses to cover guest users, in the ratio of one license to five guest users described above. For example, one Azure AD Basic license will allow for up to five guest users to be set up for Group Based Access Management and Provisioning. For the 6th guest user, you will need another Azure AD Basic license. Similarly, one Azure AD Premium P1 license will allow for up to five guest users to use the Multi-factor authentication feature (plus any Azure AD Basic features). For the 6th guest user that uses MFA, you will need a second Azure AD Premium P1 license.
|Self-Service Password Change for cloud users||✓|
| Azure AD Connect
Sync engine that extends on-premises directories to Azure Active Directory
| Security/Usage Reports
Azure Active Directory (Azure AD) reports provide a comprehensive view of activity in your environment. The provided data enables you to determine how your apps and services are utilized by your users, detect potential risks affecting the health of your environment, and troubleshoot issues preventing your users from getting their work done.
|With Premium P2 you can get lists of users flagged for risk and risky sign-ins, examine the most detailed information about the underlying risk events that have been detected for each report, and configure security policies that automatically respond to configured risk levels. Also includes sign-in reports.|
|Group-based access management/provisioning||✓|
|Self-Service Password Reset for cloud users||✓|
|Company Branding (Logon Pages/Access Panel customization)||✓|
| Advanced group features
Advanced group features include dynamic groups, group creation permission delegation, group naming policy, group expiration, usage guidelines, and default classification.
|Self-Service Password Reset/Change/Unlock with on-premises writeback||✓|
|Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back)||✓|
|Multi-Factor Authentication (Cloud and On-premises (MFA Server))||✓|
| Microsoft Identity Manager user CAL
Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.
| Cloud App Discovery
Cloud App Discovery provides a comprehensive view into your cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
| Connect Health
First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring AD FS, AD Connect, and AD DS are considered separate agents.
|Automatic password rollover for group accounts||✓|
|Conditional Access based on group and location||✓|
|Conditional Access based on device state (Allow access from managed devices)||✓|
|3rd party identity governance partners integration||✓|
|SharePoint Limited Access||✓|
|OneDrive for Business Limited Access||✓|
|Privileged Identity Management||✓|
|3rd party MFA partner integration (preview)||✓|
|Microsoft Cloud App Security integration||✓|
|Join a device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator BitLocker recovery||Windows 10 only|
|MDM auto-enrollment, Self-Service BitLocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming||Windows 10 only|
| Cloud App Security
Cloud app security discovery provides a comprehensive view into your cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
|Discovered cloud apps||Cloud apps with similar functionality to Office 365|
|Deployment for discovery analysis||Manual log upload|
|Data loss prevention (DLP) support||Available in Office E3 and above|
|App permissions and ability to revoke access||✓|
|Anomaly detection and behavioral analytics||Office 365 apps|
|Manual and automatic alert remediation||✓|
|SIEM connector||Office 365 alerts only|
|Integration to Microsoft Intelligent Security Graph||✓|
| Azure Multi-Factor Authentication
Safeguard access to data and applications while meeting user demand for a simple sign-on process