Hi @Joel Prescilla
If you’re not using Azure for production use and just for learning then your question is understandable.
If you’re using it for production then there are some important features you should consider before throwing away your P2 because of costs. Eg:
- PIM - Privileged Identity Management - limits your admins to only have ‘god roles’ - like global admin - for just a few hours before they have to ask for it again.
- JIT - Just in Time access - like PIM, it allows users access to services (like logging into a VM) for a limited period of time. Any users not provided JIT won’t even be able to knock on the server’s door!
- User and Role Review - Report on who had the ‘god roles’. Without this capability you’ll be endlessly searching through Azure AD every time someone makes a role change.
- Conditional Access - this is a P1 feature but without it you’re basically allowing anyone from anywhere to at least attempt to login to your Azure services.
Those are the coolest features. I spend a lot of time working with the security features in Azure/O365 so hopefully I’m not sounding overzealous!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 80%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
