Conditional access to all users

Question

I need create a conditional access to all organization. The conditional access is a Azure AD P1 feature and this licensing is enabled starting 1 subscription on tenant, is not all users have a subscription AAD P1 in my tenant. My question is, can I apply conditional access to all users even if they don't all have the license?

Answer 1

Hi @Natália Lima ,

Thanks for your question!

Question summary
Is a license required for all users who have Conditional Access policies applied to them?

Answer
Yes, the requirement is that the Azure AD Premium P1 license is applied to all users who make use of the feature. Azure AD has always been licensed per user and this applies to all Azure AD features. A proper license is required if a user benefits directly or indirectly from any feature covered by that license.

Please see the overall Azure AD Pricing/Licensing doc found here:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

The documentation also says, "Using this feature requires an Azure AD Premium P1 license", which means that it's required for any user who makes use of the feature. I do agree though that this could possibly be interpreted as needing one license. For that reason, I reached out to one of the content authors to see if the language could be updated.

Feel free to reach out to your licensing vendor of choice for further clarification or have
a conversation with the Billing team, though.

Let me know if this helps answer your question.

Thanks,

Marilee

-

If this answer helps resolve your question, please consider marking as answer so that others in the community with similar questions can more easily find a solution.

Answer 2

Hmmm but if a user isn't licenced with AAD P1, will conditional access still work ? Or is this tenant wide feature that is widely abused by alot of tenant out there (provisioning only 1 licence to enable it) ?