Hello, I have a question regarding Azure AD External Identities and which type of users can get by with the simply paying the External Identities (MAU / 50,000 per month) cost VS needing to pay for a full AzureAD P1 license.
If simply looking at the Commercial Licensing Terms documentation, there are definitions of who the “External Identities” pricing applies to:
FAQ3 from the External IDs Pricing page https://azure.microsoft.com/en-us/pricing/details/active-directory/external-identities/ states:
Only External Users, as defined by the Commercial Licensing
Terms, are eligible for External Identities pricing. Internal employee users are not eligible and must have an Azure
AD license.
IF it is a HARD rule that “Internal employees are not eligible”, then I believe from the list below, for UserType=Guest ID 1-5 will require an AzureAD P1 License in order to “Manage / configure” and, ONLY #6, the “End Customer” using the service will be applicable to the MAU cost. Is my understanding correct?
(Also, the UserType=USER ID scenario at the very bottom will require also require an AzureAD P1 License too because it is not a Guest User, correct?)
------------------------
UserType=Guest ID
1)Employee(Manages Azure)
2)Partner Company Technical member(Manages Azure Service)
3)Employee(Develops=Mostly uses Dev/Test subscription)
4)Partnering Company Technical member(Develops=Mostly uses Dev/Test subscription)
5)Partner Technical member (assists with introductory tasks of End Cx)
6)End Cx(Uses Service)
UserType=USER ID
・Other Users, of the IDs that don’t correlate to any specific user, IDs that match the domain. (eg. Billing Admin or Emergency account, etc)
-----------------------------
I did also find this Document: Properties of an Azure Active Directory B2B collaboration user
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/user-properties
in the UserType section, it does say that
---------------
This property indicates the relationship of the user to the host tenancy. This property can have two values:
Guest: This value indicates a user who isn't considered internal to the company, such as an external collaborator, partner, or customer. Such a user isn't expected to receive a CEO's internal memo or receive company benefits, for example.
---------------
To me, this would mean 2-6 can use External Identities to log in and will not need a AzureAD P1 License, to do their job. Is my understanding correct?
However, Reading the beginning of the document, where it explains the different States 1-4, I get the impression 2-6 would fall under States 1, 3, and 4 depending on if (OnPrem / Cloud only)
Is my understanding correct?
Any guidance that can be provided regarding how to best evaluate which of the above users might be able to “get away” without purchasing an AzureAD P1 license is greatly appreciated.
Thank you for your time and expertise in advance,
Peter