![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 46%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
25,081 questions
Yes, Azure AD is an IdP that is capable of providing SSO for external applications. I'd recommend to grab one Azure Active Directory Premium P2 license to take advantage of all the AAD features it has. Basic licensing (free) will be sufficient for your users unless you want to have more control over your environment (see below).
If you want to have more granular control over your AAD users for MFA, Conditional Access, etc you will need to look into Enterprise Mobility & Security (EMS) licensing for each of your users:
https://www.microsoft.com/en-ca/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing
----------------------------------------
If this is helpful please accept answer.