Regarding the detailed explanation in the December 14, 2020, 4:13 AM reply ( https://learn.microsoft.com/en-us/answers/questions/196759/does-unlicensed-user-in-microsoft-chargeable.html ), we would like your help in confirming an understanding on our part. I will explain the situation to be clearer. We currently use third-party cloud applications which authenticate users on our free AzureAD (Office 365). We registered these applications in AzureAD so that we could configure the authentication mechanism (OpenID, etc.). These user accounts are first created and maintained in our on-premises AD, as they are employee accounts, and then they are synced via ADSync with AzureAD. These user accounts have some Office 365 license associated (E3, E5, etc.). This is the current scenario. In the new scenario, we now want to create more user accounts in AD on-premises so that they can later use those cloud applications. These new users will not need to use any Office 365 products, so they will not have any associated Office 365 licenses (E3, E5, etc.). For these new users it is not mandatory to have MFA (double factor authentication) active when they access those cloud applications. The confirmation we would like from Microsoft is whether this new authentication scenario is compliant in terms of AzureAD licensing. Thanks in advance for your help. Jose H Dometerco

Hi @C025427 - JOSE HENRIQUE DOMETERCO Thank you for asking this question on the **Microsoft Q&A Platform. ** You can authenticate your users without problem in your App, the MA 365 licenses are required for Microsoft tools, and the Azure P1 or P2 licenses are for the security features. You can use the Azure Free version. Hope this helps, Carlos Solís Salazar ---------- Please "Accept as Answer" and/or Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.

Authentication of unlicensed Office 365 users on AzureAD free (Office 365) from cloud applications

Accepted answer

Carlos Solís Salazar 17,896 Reputation points

2022-03-15T18:15:36.807+00:00

Hi @C025427 - JOSE HENRIQUE DOMETERCO

Thank you for asking this question on the **Microsoft Q&A Platform. **

You can authenticate your users without problem in your App, the MA 365 licenses are required for Microsoft tools, and the Azure P1 or P2 licenses are for the security features.

You can use the Azure Free version.

Hope this helps,
Carlos Solís Salazar

----------

Please "Accept as Answer" and/or Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.
Please sign in to rate this answer.

1 person found this answer helpful.
C025427 - JOSE HENRIQUE DOMETERCO 21 Reputation points

2022-03-15T20:56:30.69+00:00

Thank you very much for the quick response! Forgive me for adding 6 more questions, but they are essential for our understanding. I hope I can count on your help.
Regarding the limit on the number of objects that can be created in AzureAD free (Office 365), as said in https://learn.microsoft.com/en-us/answers/questions/648584/the-number-of-making-a -new-user-on-azure.html, we would like to know:
a) Is the limit 500,000 objects?
b) In the case of users created in AzureAD without an associated Office 365 license, can MFA be enabled for them (via SMS or via Authenticator APP) at no additional cost to authenticate themselves from a cloud application?

C025427 - JOSE HENRIQUE DOMETERCO 21 Reputation points

2022-03-15T20:57:48.807+00:00

Regarding External Identities and MFA, in the link https://azure.microsoft.com/en-us/pricing/details/active-directory/external-identities/ it is informed that there is a free limit of 50K (MAU) and that "A flat fee of R$0.155 is billed for each SMS/Phone-based multi-factor authentication attempt.". We would like to know:
a) does Azure AD free (Office 365) licensing allow this free usage (50K MAU) or do I need to have a minimum number of Azure P1 or P2 license (in this case, what is that minimum)?
b) does this "flat fee" of SMS/Phone-based multi-factor authentication attempt also refer to Authenticator App usage or only when user opts to receive SMS? If the user only uses the Authenticator App, will the amount be charged?
c) does this SMS/Phone-based multi-factor authentication attempt "flat fee" apply to any authentication even if the 50K MAU threshold is not yet reached?
d) Does this SMS/Phone-based multi-factor authentication attempt "flat fee" only refer to External Identities authentication?

Carlos Solís Salazar 17,896 Reputation points

2022-03-17T09:47:08.56+00:00

Hi @C025427 - JOSE HENRIQUE DOMETERCO

Here you can see all the Azure AD Service limits https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

Yes, you can create a user without a license and enable the MFA without charge.

If the above response helped answer your query, Please accept the response as answer, so others visiting the forum with the same query might get help.

Carlos Solís Salazar 17,896 Reputation points

2022-03-17T10:03:48.967+00:00

Hi @C025427 - JOSE HENRIQUE DOMETERCO

Here are my answers:

a) You require a Premium P1 or a Premium P2, you need the user/users who administrate de Azure AD to have either of these licenses.
b) The flat fee of SMS/Phone-based multi-factor authentication attempt is just for "SMS/Phone-based multi-factor authentication attempt". The Authenticator App fee will depende of the region, this is an example that I get from the same URL you show us

c) Yes, it is the attempt, not the successful authentication
d) Yes, that fee is for external identities authentication

Hope this helps,
Carlos Solís Salazar

----------

Please "Accept as Answer" and/or Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Authentication of unlicensed Office 365 users on AzureAD free (Office 365) from cloud applications

0 additional answers

Your answer