Share via

P1 Subscription for AD Join

Jeremy Johnson 21 Reputation points
2022-03-16T03:23:16.417+00:00

Back story:
One of my clients is a small business that currently only has win 10 computers (including one with file shares), they do not have an on-premise domain controller, this client also has a store front as well as home office.

Question/Need:
To make a long story short, I want to know if I need an Azure P1 subscription for all users, or if I just need a single subscription for an admin user to join the PC to an Azure AD Domain?

I am weighing if an azure ad subscription or an on premise d.c (probably with server 2019 essentials) will be more cost effective over a 5-6 year span.

I dont really need a D.C. for group policy, but I need it to keep their password synchronized as they jump to a different computer.

FYI - users have Microsoft 365 Standard subscription

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2022-03-16T12:34:04.017+00:00

    Hi @Jeremy Johnson • Thank you for reaching out.

    I would suggest you go with Azure AD Join if your only requirement is to allow users to use their account password to sign in to different computers and you don't need group policies.

    To join windows 10 to Azure AD, you can use the Free version of Azure AD. No Premium P1/P2 is required for this purpose. Once the devices are joined to Azure AD, users can directly sign in to the joined devices using their Azure AD user account credentials. This option is definitely cheaper than using On-premises AD or Azure AD Domain Services (managed domain).

    P1/P2 is required If you want to use any premium features like Conditional Access, Identity protection, and so on. Refer to Azure AD Version Comparison.

    Read more: https://learn.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan

    ----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 18,196 Reputation points MVP Volunteer Moderator
    2022-03-16T09:56:46.087+00:00

    Hi @Jeremy Johnson

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    According to this requirement:

    I need it to keep their password synchronized as they jump to a different computer

    You need a Domain Controller to achieve that.

    You don't need an Azure AD P1 if you want to synchronize your On-Premises Domain Controller with Azure AD.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Please "Accept as Answer" and/or Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.