Share via

Entra External ID paid subscription

Lawrence Dunn (MF IT) 20 Reputation points
2025-12-15T00:32:31.65+00:00

Hi everyone,

We're trying to get P2 licenses on Entra External for managing groups, PIM and enterprize security features.

Does anyone know how this gets setup, as the workflow seems to be using standard Entra and won't work for an email from our main Entra tenant.

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments
Answer accepted by question author
  1. Sridevi Machavarapu 28,180 Reputation points Microsoft External Staff Moderator
    2025-12-15T03:31:44.81+00:00

    Hello Lawrence Dunn (MF IT),

    This is expected behavior and not a setup issue.

    You can’t use Entra ID P2 licenses or PIM in an Entra External ID tenant. External ID is built for customer sign-in scenarios and uses pay-as-you-go pricing, not Entra ID licensing. Because of that, features like PIM, Identity Protection, Access Reviews, and group-based admin controls only work in a standard (workforce) Entra ID tenant.

    That’s why the license workflow always points to standard Entra and doesn’t work when you try to use an admin email from your main tenant inside External ID.

    Recommended approach

    Keep P2 licenses and PIM in your main Entra ID tenant.

    Add your admins as B2B guest users in the External ID tenant.

    Assign the needed roles there (without PIM) to manage External ID.

    References

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.