EntraID conditionnal access or PIM are licenced per account or per users?

Adrien Maugard 81 Reputation points

Following this post: https://twitter.com/Alex_A_Simons/status/1466290109062385672

It seem that EntraID licensing is based on human and not user accounts.

If my company have 100 users, and half of them have two accounts (one operation and one privileged)
Did I only need 100 (number or humans) EntraID P1 or P2 licences for PIM and Conditionnal Access or should I buy 150 (number of accounts) licences?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
0 comments No comments
{count} votes

Accepted answer
  1. Deepanshu katara 5,605 Reputation points

    Hi Adrien

    Welcome to MS Q&A

    EntraID licensing is indeed based on human identities rather than individual user accounts. The goal is to ensure that each human identity that interacts with Microsoft 365 services is properly licensed for features like Privileged Identity Management (PIM) and Conditional Access.

    In your scenario, where you have 100 users but half of them have two accounts each (one for operations and one privileged), you would need to license based on the total number of human identities.

    So, if you have 100 users and each user corresponds to one human identity, you would need to purchase licenses for those 100 human identities, regardless of the number of accounts each user has.

    Therefore, you would need 100 EntraID P1 or P2 licenses for PIM and Conditional Access, depending on the features and capabilities you require. There's no need to purchase licenses for the total number of accounts (150 in your case), as the licensing is based on the number of distinct human identities.

    Please check Imag for ref

    User's image

    Please check this doc for detailed info https://learn.microsoft.com/en-us/entra/id-governance/licensing-fundamentals

    Kindly accept answer if it helps , Thanks

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. akinbade abiola 1,810 Reputation points

    Hello Adrien Maugard thanks for your question.
    Microsoft 365 is licensed on a per User Subscription License (USL) basis. Each user accessing the Microsoft 365 services and/or software is required to be assigned a USL.

    If they have the same identity: For products involving identity and access management, such as EntraID P1 or P2 (which include features like Privileged Identity Management and Conditional Access), the licensing is indeed on a per-user basis. This allows a licensed user to access the service across multiple accounts they might hold. So 100 licenses will be okay

    0 comments No comments