Stone Group - Providing digital transformation solutions to organisations across the UK.

Azure Active Directory comes in four editions – Free, Office 365 apps, Premium P1 and Premium P2. The Free edition is included with a subscription of a commercial online service e.g. Azure, Dynamics 365, Intune and Power Platform. Office 365 subscriptions include the Free edition, but Office 365 E1, E3, E5, F1, F3 and Education Edition A3 and A5 subscriptions also include the features listed under the Office 365 apps column. The Premium editions are available through your Microsoft representative, the Open Volume Licence programme and the Cloud Solution Providers programme.

Premium P1

Designed to empower organisations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), and security in the cloud.

Premium P2

Azure Active Directory Premium P2 includes every feature of all other Azure Active Directory editions enhanced with advanced identity protection and privileged identity-management capabilities.

  • Standard Editions
    Azure AD – Free Edition
    Azure AD – Office 365 Apps Edition

  • Azure AD – Premium P1 Edition
    Education Pricing – £0.45 ERP
    Corporate Pricing – £4.52 ERP

  • Azure AD – Premium P2 Edition
    Education Pricing – £0.68 ERP
    Corporate Pricing – £6.80 ERP

Azure Active Directory - Standard Edition Features

Core Identity and Access Management

Directory Objects [1] (500,000 Object Limit for Free Edition) | Single Sign-On (SSO) (unlimited) [2] | User provisioning | Federated authentication (ADFS or third-party IDP) | User and group management (add/update/delete) | Device registration | Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO) | Azure AD Connect sync (extend on-premises directories to Azure AD) | Self-service Password Change for cloud users | Azure AD Join: desktop SSO & administrator BitLocker recovery | Password protection (global banned password) | Multi-Factor Authentication [3] | Basic security and usage reports

External identities

Your first 50,000 monthly active users free. Only pay for what you use.

Identity & Access Management for Office 365 apps

(Office 365 Apps Edition only)

Company branding (customisation of login & logout pages, access panel) | Self-service password reset for cloud users | Service-level Agreement (SLA) | Device write-back (device objects two-way synchronisation between on-premises directories and Azure)

Azure Active Directory - Premium Edition Features

Core Identity and Access Management

Directory Objects [1] (No object limit) | Single Sign-On (SSO) (unlimited) [2] | User provisioning | Federated authentication (ADFS or third-party IDP) | User and group management (add/update/delete) | Device registration | Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO) | Azure AD Connect sync (extend on-premises directories to Azure AD) | Self-service Password Change for cloud users | Azure AD Join: desktop SSO & administrator BitLocker recovery | Password protection (global banned password) | Multi-Factor Authentication [3] | Basic security and usage reports

External identities

Your first 50,000 monthly active users free. Only pay for what you use.

Identity & Access Management for Office 365 apps

Company branding (customisation of login & logout pages, access panel) | Self-service password reset for cloud users | Service-level Agreement (SLA) | Device write-back (device objects two-way synchronisation between on-premises directories and Azure) | Password protection (custom banned password) | Password protection for Windows Server Active Directory (global & custom banned password) | Self-service password reset/change/unlock with on-premises write-back | Group access management | Microsoft Cloud App Discovery [4] | Azure AD Join: MDM auto-enrolment & local admin policy customisation | Azure AD Join: self-service BitLocker recovery, enterprise state roaming | Advanced security and usage reports

Hybrid identities

Application Proxy | Microsoft Identity Manager user CAL [5] | Connect Health [6]

Advanced Group access management

Dynamic groups | Group creation permission delegation | Group naming policy | Group expiration | Usage guidelines | Default classification

Conditional Access

Conditional Access based on group, location and device status | Azure Information Protection integration | SharePoint limited access | Terms of Use (set up terms of use for specific access) | Multi-factor authentication with conditional access | Microsoft Cloud App Security integration | Third-party identity governance partners integration

Identity protection (Premium P2 only)

Vulnerabilities and risky accounts detection | Risk events investigation | Risk-based Conditional Access policies

Identity Governance (Premium P2 only)

Privileged Identity Management (PIM) | Access reviews | Entitlement management

1 Default usage quota is 50,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500,000 object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

2 With Azure AD Free, end users who have been assigned access to SaaS apps can get unlimited SSO access to cloud apps. On-premises applications require Azure AD Application Proxy or secure hybrid partnerships integrations available with Azure AD P1 and P2.

3 Authentication methods and configuration capabilities may vary by subscription; please see here for more details.

4 To access the cloud app discovery features, go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.

5 Microsoft Identity Manager Server software rights are granted with Windows Server licences (any edition). As Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate licence is required for Microsoft Identity Manager Server.

6 First monitoring agent requires at least one licence. Each additional agent requires 25 additional incremental licences. Agents monitoring AD FS, AD Connect and AD DS are considered separate agents.
