Can a single Entra P1 license be used to collect account configuration data within a tenant without requiring P1 licenses for every user?

Vincent Tran 20 Reputation points
2024-04-30T00:02:14.08+00:00

I am trying to evaluate a tenant's user accounts for proper configuration of conditional access policies, MFA registration, and more. I've found that a single service account with a P1 license can query the Graph API for this information, but I'm unsure if every account within the tenant needs a P1 license if they are not currently using any of the P1 features or benefiting from them.

Microsoft Entra

Accepted answer
  1. Akhilesh 5,175 Reputation points Microsoft Vendor
    2024-04-30T08:11:15.3566667+00:00

    Hi @Vincent Tran

    Thank you for reaching out to the community forum!

    The Microsoft Graph API doesn’t depend on any specific license. To query the Microsoft Graph API for information about users, you need to have the appropriate permissions and roles assigned to the account making the requests.

    However, if you want to extract sign-in activity through the Microsoft Graph API, you will require at least a license of Entra ID P1 for each user from which you will extract the sign-in activity.

    To answer your question, the licensing for Entra ID P1 (or any other Azure AD license) is typically done at the user level.

    If a user is not using any of the features enabled by Azure AD Premium P1, then they do not need to have a license assigned to them. However, if a user needs to use any of the features enabled by Azure AD Premium P1, such as Conditional Access policies or MFA registration, then they must have an Azure AD Premium P1 license assigned to them.

    So, if you want to enforce Conditional Access policies or MFA for all users in the tenant, you must assign an Azure AD Premium P1 or P2 license to each user.

    Reference: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


1 additional answer

  1. Marcin Policht 12,865 Reputation points MVP
    2024-04-30T00:34:15.7133333+00:00

    Not as far as I can tell. The licensing in this case would be role dependent - as per https://learn.microsoft.com/en-us/entra/fundamentals/licensing#microsoft-entra-monitoring-and-health

    As usual with licensing questions, the best way to confirm this would be to reach out to your Microsoft Account rep.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin
