Share via

Azure AD P1 vs. P2: Difference between 'Conditional Access' and 'Risk-based Conditional Access'

Anonymous
2022-02-01T11:05:24.933+00:00

Hi all,

I am struggling in understanding the difference between 'Conditional Access', which is included in M365 E3 / AADP1, and 'Risk-based Conditional Access' which requires AADP2.

My guess is, that AADP2 includes the complete 'Identity Protection' package and that the conditional access is part of it, just named different than in AADP1. Or to rephrase it: Can I setup a policy based upon the risk of the user to enforce MFA or block the access, with AADP1?

Many thanks for any reply - I am looking for that since hours by now.

Best,

Thomas

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Answer accepted by question author
  1. AmanpreetSingh-MSFT 56,966 Reputation points Moderator
    2022-02-01T11:48:36.783+00:00

    Hi @Anonymous • Thank you for reaching out.

    • Azure AD Premium P2 includes both Azure AD Identity Protection and Conditional Access policy features.
    • Azure AD Premium P1 includes Conditional Access policy but not Azure AD Identity Protection

    In order to use Risk-based Conditional Access, you must have Azure AD Identity Protection. Without Azure AD Identity Protection, you can leverage other conditions in the CA policies but not the Risk-Based conditions highlighted below:
    170157-image.png

    Read more: Conditional Access: Sign-in risk-based Conditional Access

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    4 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.