• Protecting on-premises Exchange Servers against recent attacks - Read More
  • Attack simulation training in Microsoft Defender for Office 365 now Generally Available - Read More
  • 5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats - Read More
  • Modern XDR + SOC using Azure Sentinel - Read More
  • Password-Less in Organizations - Read More

Azure Active Directory External Identities Licensing

10th September 2020 / in Identity & Access Management / by

Kloudynet Blog


Hey folks!

There was a very recent announcement about the new Azure Active Directory External Identities Licensing and in fact, it’s still in preview. This new announcement benefits most of the enterprise organizations that are using External Identities. Without explaining much about External Identities which you can anyways read here, let me get to the point right away

Azure Active Directory (Azure AD) External Identities is a cloud-based IAM solution that secures and manages customers and partners beyond your organizational boundaries. So, let’s see what’s changed

Before the licensing announcement

Before this licensing announcement B2B guest user licensing is automatically calculated and reported based on the 1:5 ratio for using P1/P2 features. Additionally, guest users can use free Azure AD features with no additional licensing requirements. Guest users have access to free Azure AD features even if you do not have any paid Azure AD licenses.

  • Examples: Calculating guest user licenses:

    Once you determine how many guest users need to access your paid Azure AD services, make sure you have enough Azure AD paid licenses to cover guest users in the required 1:5 ratio. Here are some examples:

    • You want to invite 100 guest users to your Azure AD apps or services and provide access management and provisioning. For 50 of those guest users, you also want to require MFA and Conditional Access, so for those features, you will need 10 Azure AD Premium P1 licenses. If you plan to use Identity Protection features with your guest users, you will need Azure AD Premium P2 licenses in the same 1:5 ratio to cover the guest users.
    • You want to invite 60 guest users who all require MFA, so you must have at least 12 Azure AD Premium P1 licenses. You have 10 employees with Azure AD Premium P1 licenses, which would allow up to 50 guest users under the 1:5 licensing ratio. You will need to purchase two additional Premium P1 licenses to cover 10 additional guest users.

After the licensing announcement:

After the licensing announcement, you will now be able to use the first 50,000 Guest users with Azure AD P1/P2 features without purchasing any additional licenses. This would mean that the first 50,000 Guest Users will be able to use your P1/P2 features like MFA, Conditional Access & Identity Protection. You will be charged only after you cross 50,000 MAUs which you can see here

Few more important points to take note of

  • This billing model applies to both Azure AD guest user collaboration (B2B) and Azure AD B2C tenants
  • Azure Active Directory (Azure AD) External Identities pricing is based on monthly active users (MAU), which is the count of unique users with authentication activity within a calendar month
  • You will have to link your Azure AD Tenant to a subscription to get started. After you complete these steps, your Azure subscription is billed based on your Azure Direct or Enterprise Agreement details, if applicable.

Hope this article helps you understand the new licensing model for External Identities. This is a very important step taken by Microsoft to encourage customers to use more external collaboration scenarios with Azure AD



Fahad, Founder & CEO, kloudynet Technologies

LinkedIn: https://www.linkedin.com/in/fashaik/

Microsoft Gold Partner and Experts in Azure | Cybersecurity & Governance | Intelligent Automation