Introduction to Microsoft EntraLicensing & Editions

Licensing & Editions

25 mins

Understanding the Concept

Microsoft Entra ID comes in multiple editions: Free, P1, and P2. The Free edition is included with Azure subscriptions and Microsoft 365, providing basic identity features. P1 adds Conditional Access, dynamic groups, and self-service capabilities. P2 adds Identity Protection and Privileged Identity Management.

Licensing is per-user and follows a per-seat model. Some features like Conditional Access require P1 for all users who will be evaluated by policies, not just those who create them.

Microsoft Entra ID Governance (access reviews, entitlement management, lifecycle workflows) requires additional licensing beyond P2 in some configurations. Understanding the license matrix is essential for planning deployments.

Key Points

  • Free: Basic user/group management, SSO (up to 10 apps per user), MFA
  • P1: Conditional Access, dynamic groups, SSPR, application proxy, hybrid identity
  • P2: Identity Protection, risk-based CA, PIM, access reviews, entitlement management
  • Microsoft 365 E3 includes Entra ID P1; E5 includes Entra ID P2
  • Per-user licensing - all users subject to a feature need appropriate licenses

License Tiers & Features

Step 1

Free / M365

Basic SSO, MFA, user management, security defaults

Step 2

Entra ID P1

Conditional Access, dynamic groups, SSPR, App Proxy

Step 3

Entra ID P2

Identity Protection, PIM, risk-based policies

Step 4

ID Governance

Lifecycle workflows, entitlement mgmt, advanced access reviews

Why This Matters in Real Organizations

Incorrect licensing leads to either overspending or missing critical security features. Many organizations discover mid-deployment that Conditional Access requires P1 for every evaluated user, causing unexpected cost increases. Proper license planning prevents project delays and budget overruns.

Common Mistakes to Avoid

Assuming Conditional Access is included in the free tier
Not licensing all users evaluated by a Conditional Access policy
Confusing Entra ID P2 with Entra ID Governance licensing
Deploying PIM without P2 licenses and wondering why it does not work

Interview Tips

  • Show awareness of the licensing complexity and cost considerations
  • Discuss how to optimize licensing across an organization
  • Mention trial options for testing P2 features before committing

Exam Tips (SC-300)

  • Know exactly which features require P1 vs P2
  • Understand that Conditional Access = P1 minimum
  • Know that PIM and Identity Protection require P2

Course Complete!

You've finished all lessons

Previous|Next|HHome