Hi @Leo Johnson ,
You have highlighted the risks and benefits well. The full plan comparison is listed on the pricing page.
You can assign licenses per user so you can have mixed licenses. However, if you wanted to keep users in the same repository, using the AIP scanner in "discover" mode would require just the P1 license, but using the AIP scanner to apply classification, labeling, or protection would require the P2 license.
From the pricing page FAQ:
How would licensing requirements work in this example scenario: A company has 50,000 users with 25,000 on Azure Information Protection P1 (and/or EMS E3) and 25,000 on Azure Information Protection P2 (and/or EMS E5) licenses. They want to leverage the Azure Information Protection scanner but have one repository for all users. Which license(s) are required?
An Azure Information Protection license is required for all internal users who have created content that resides in scanned file repositories. As is standard with Azure Information Protection licensing, additional licensing is not required for external users who are accessing protected files or for users who previously protected files but are no longer users in the tenant, such as users who have left your organization.
In the example above, to use the Azure Information Protection scanner in “discover” mode would not require any additional licensing, as all users are licensed with at least Azure Information Protection P1. Using the scanner to apply classification, labeling and/or protection would require that all 50,000 internal users have an Azure Information Protection P2 licenses.
1: https://azure.microsoft.com/en-us/pricing/details/information-protection/ [3]: https://azure.microsoft.com/en-us/pricing/details/information-protection/