1. The Service
Azure Active Directory Premium P2: A comprehensive cloud identity and access management solution with advanced identity protection for all your users and administrators.
Edition comparison
Azure Active Directory Premium P1 - Designed to empower organizations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities.
This edition includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), identity protection and security in the cloud.
It supports advanced administration and delegation resources like dynamic groups and self-service group management. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities enabling solutions like self-service password reset for your on-premises users.
Azure Active Directory Premium P2 - Designed with advanced protection for all your users and administrators, this new offering includes all the capabilities in Azure AD Premium P1 as well as our new Identity Protection and Privileged Identity Management.
Azure Active Directory Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. We also help you manage and protect privileged accounts with Azure Active Directory Privileged Identity Management so you can discover, restrict and monitor administrators and their access to resources and provide just-in-time access when needed.
| Category | Feature | Azure Active Directory Basic | Azure Active Directory Premium P1 | Azure Active Directory Premium P2 |
|---|---|---|---|---|
| Common features | Directory objects | No object limit | No object limit | No object limit |
| | User/group management (add/update/delete), user-based provisioning, device registration, password change, synchronisation tools for “on-premises to cloud” directory integration (Azure AD Connect) | Yes | Yes | Yes |
| | Single Sign-On (SSO) | 0 apps per user (free tier + Application proxy apps) | No limit (free, Basic tiers + Self-Service App Integration templates) | No limit (free, Basic tiers + Self-Service App Integration templates) |
| | B2B collaboration⁴ | Yes | Yes | Yes |
| | Security/usage reports | Basic reports | Advanced reports | Advanced reports |
| Premium + Basic features | Group-based access management/provisioning | Yes | Yes | Yes |
| | Self-service password reset for cloud users | Yes | Yes | Yes |
| | Company branding (logon pages/access panel customisation) | Yes | Yes | Yes |
| | Application proxy | Yes | Yes | Yes |
| | SLA 99.9% | Yes | Yes | Yes |
| Premium features | Self-Service Group and app Management/Self-Service application additions/ Dynamic Groups | | Yes | Yes |
| | Self-service password reset/change/unlock with write-back to on-premises directories | | Yes | Yes |
| | Device objects two-way synchronisation between on-premises directories and Azure AD (Device write-back) | | Yes | Yes |
| | Multi-Factor Authentication (cloud and on-premises (MFA server)) | | Yes | Yes |
| | Microsoft Identity Manager user CAL⁶ | | Yes | Yes |
| | Cloud app discovery | | Yes | Yes |
| | Connect Health⁷ | | Yes | Yes |
| | Conditional access based on group and location | | Yes | Yes |
| | Conditional access based on device state (allow access from managed/domain joined devices) | | Yes | Yes |
| | Identity Protection / Conditional access based on sign-in or user risk | | | Yes |
| | Privileged Identity Management | | | Yes |
| Windows 10 + Azure AD Join related features | Join a Windows 10 device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator Bitlocker recovery | Yes | Yes | Yes |
| | MDM auto-enrollment, Self-service Bitlocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming | | Yes | Yes |