Is Azure Active Directory Premium P2 required for every e-mail address or 1 per tenant?

Kevin Lister 6 Reputation points
2021-08-18T14:04:35.723+00:00

Do I need to purchase a license of Azure Active Directory Premium P2 for every 0365 account I have, or is it 1 license per Tenant?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
0 comments No comments
{count} vote

3 answers

Sort by: Most helpful
  1. Vasil Michev 97,076 Reputation points MVP
    2021-08-18T16:27:33.433+00:00

    You need a license for any person that will directly or indirectly use a feature requiring P2/is under the scope of such feature.

    2 people found this answer helpful.

  2. JamesTran-MSFT 36,481 Reputation points Microsoft Employee
    2021-08-19T18:46:30.413+00:00

    @Kevin Lister
    Thank you for the quick follow up on this! When it comes to what @Vasil Michev mentioned within the answer and comment, it's correct. For more info.

    The Azure Active Directory Premium P2 license is licensed per-user, for example, if you were to have your entire Azure AD tenant utilize Privileged Identity Management (PIM), the license(s) must be assigned to the administrators and relevant users who intend to use PIM.

    124796-image.png

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    2 people found this answer helpful.

  3. Rick Vines 0 Reputation points
    2023-11-01T17:09:03.9966667+00:00

    I know this is an old thread but I'm still confused.

    As it relates to Risky User/Risky Sign-in. We only really want to enable that functionality for certain users in our tenant. I'm hearing that I need to license all users with P2 licenses even if I only want to enable that functionality for a limited number of users in the tenant. Is that true or not?

    Thanks!