Conditional access to all users

Natália Lima 86 Reputation points

I need create a conditional access to all organization. The conditional access is a Azure AD P1 feature and this licensing is enabled starting 1 subscription on tenant, is not all users have a subscription AAD P1 in my tenant. My question is, can I apply conditional access to all users even if they don't all have the license?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,768 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 34,546 Reputation points Microsoft Employee

    Hi @Natália Lima ,

    Thanks for your question!

    Question summary
    Is a license required for all users who have Conditional Access policies applied to them?

    Yes, the requirement is that the Azure AD Premium P1 license is applied to all users who make use of the feature. Azure AD has always been licensed per user and this applies to all Azure AD features. A proper license is required if a user benefits directly or indirectly from any feature covered by that license.

    Please see the overall Azure AD Pricing/Licensing doc found here:

    The documentation also says, "Using this feature requires an Azure AD Premium P1 license", which means that it's required for any user who makes use of the feature. I do agree though that this could possibly be interpreted as needing one license. For that reason, I reached out to one of the content authors to see if the language could be updated.

    Feel free to reach out to your licensing vendor of choice for further clarification or have
    a conversation with the Billing team, though.

    Let me know if this helps answer your question.




    If this answer helps resolve your question, please consider marking as answer so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. jdlavallee 6 Reputation points

    Hmmm but if a user isn't licenced with AAD P1, will conditional access still work ? Or is this tenant wide feature that is widely abused by alot of tenant out there (provisioning only 1 licence to enable it) ?