Azure Active Directory External Identities Licensing

Share This Post

Share on linkedin
Share on facebook
Share on twitter
Share on email


Hey folks!

There was a very recent announcement about the new Azure Active Directory External Identities Licensing and in fact, it’s still in preview. This new announcement benefits most of the enterprise organizations that are using External Identities. Without explaining much about External Identities which you can anyways read here, let me get to the point right away

Azure Active Directory (Azure AD) External Identities is a cloud-based IAM solution that secures and manages customers and partners beyond your organizational boundaries. So, let’s see what’s changed

Before the licensing announcement

Before this licensing announcement B2B guest user licensing is automatically calculated and reported based on the 1:5 ratio for using P1/P2 features. Additionally, guest users can use free Azure AD features with no additional licensing requirements. Guest users have access to free Azure AD features even if you do not have any paid Azure AD licenses.

  • Examples: Calculating guest user licenses:

    Once you determine how many guest users need to access your paid Azure AD services, make sure you have enough Azure AD paid licenses to cover guest users in the required 1:5 ratio. Here are some examples:

    • You want to invite 100 guest users to your Azure AD apps or services and provide access management and provisioning. For 50 of those guest users, you also want to require MFA and Conditional Access, so for those features, you will need 10 Azure AD Premium P1 licenses. If you plan to use Identity Protection features with your guest users, you will need Azure AD Premium P2 licenses in the same 1:5 ratio to cover the guest users.
    • You want to invite 60 guest users who all require MFA, so you must have at least 12 Azure AD Premium P1 licenses. You have 10 employees with Azure AD Premium P1 licenses, which would allow up to 50 guest users under the 1:5 licensing ratio. You will need to purchase two additional Premium P1 licenses to cover 10 additional guest users.

After the licensing announcement:

After the licensing announcement, you will now be able to use the first 50,000 Guest users with Azure AD P1/P2 features without purchasing any additional licenses. This would mean that the first 50,000 Guest Users will be able to use your P1/P2 features like MFA, Conditional Access & Identity Protection. You will be charged only after you cross 50,000 MAUs which you can see here

Few more important points to take note of

  • This billing model applies to both Azure AD guest user collaboration (B2B) and Azure AD B2C tenants
  • Azure Active Directory (Azure AD) External Identities pricing is based on monthly active users (MAU), which is the count of unique users with authentication activity within a calendar month
  • You will have to link your Azure AD Tenant to a subscription to get started. After you complete these steps, your Azure subscription is billed based on your Azure Direct or Enterprise Agreement details, if applicable.

Hope this article helps you understand the new licensing model for External Identities. This is a very important step taken by Microsoft to encourage customers to use more external collaboration scenarios with Azure AD



Fahad, Founder & CEO, kloudynet Technologies


Microsoft Gold Partner and Experts in Azure | Cybersecurity & Governance | Intelligent Automation

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore


Modern XDR + SOC using Azure Sentinel

Microsoft recently announced its new approach with Extended Detection and Response (XDR) to deliver intelligent, automated, and integrated security across domains to help defenders connect


Let's have a chat

Happy to help you with Digital Transformation

What type of projects are you interested in?
Where can we reach you?
What would you like to discuss?