Managing external identities to enable secure access for partners, customers, and other non-employees
Hello Lawrence Dunn (MF IT),
This is expected behavior and not a setup issue.
You can’t use Entra ID P2 licenses or PIM in an Entra External ID tenant. External ID is built for customer sign-in scenarios and uses pay-as-you-go pricing, not Entra ID licensing. Because of that, features like PIM, Identity Protection, Access Reviews, and group-based admin controls only work in a standard (workforce) Entra ID tenant.
That’s why the license workflow always points to standard Entra and doesn’t work when you try to use an admin email from your main tenant inside External ID.
Recommended approach
Keep P2 licenses and PIM in your main Entra ID tenant.
Add your admins as B2B guest users in the External ID tenant.
Assign the needed roles there (without PIM) to manage External ID.
References
External tenants (