Product Details: Microsoft Azure Active Directory Premium P1 Subscription
The Microsoft Azure Active Directory Premium P1 subscription, also know as Azure AD P1 or AAD P1, provides the following capabilities
Core Identity and Access Management
Directory Objects *1
Single Sign-On (SSO) (unlimited) *2
Federated authentication (ADFS or third-party IDP)
User and group management (add/update/delete)
Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO)
Azure AD Connect sync (extend on-premises directories to Azure AD)
Self-service Password Change for cloud users
Azure AD Join: desktop SSO & administrator bitlocker recovery
Password protection (global banned password)
Multi-Factor Authentication *3
Basic security and usage reports
Secure and manage customers and partners
Identity & Access Management for Office 365 apps
Company branding (customisation of login & logout pages, access panel)
Self-service password reset for cloud users
Service-level Agreement (SLA)
Device write-back (device objects two-way synchronisation between on-premises directories and Azure)
Premium Features in P1 and P2
Password protection (custom banned password)
Password protection for Windows Server Active Directory (global & custom banned password)
Self-service password reset/change/unlock with on-premises write-back
Group access management
Microsoft Cloud App Discovery *4
Azure AD Join: MDM auto-enrolment & local admin policy customisation
Azure AD Join: self-service bitlocker recovery, enterprise state roaming
Advanced security and usage reports
Microsoft Identity Manager user CAL *5
Connect Health *6
Advanced Group access management
Group creation permission delegation
Group naming policy
Conditional Access based on group, location and device status
Azure Information Protection integration
SharePoint limited access
Multi-factor authentication with conditional access
Microsoft Cloud App Security integration
Third-party identity governance partners integration
Default usage quota is 50,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500,000 object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.
With Azure AD Free, end users who have been assigned access to SaaS apps can get unlimited SSO access to cloud apps. On-premises applications require Azure AD Application Proxy or secure hybrid partnerships integrations available with Azure AD P1 and P2.
Authentication methods and configuration capabilities may vary by subscription, please see here for more details.
To access the cloud app discovery features, go to https://portal.cloudappsecurity.com/and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
Microsoft Identity Manager Server software rights are granted with Windows Server licences (any edition). As Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate licence is required for Microsoft Identity Manager Server.
First monitoring agent requires at least one licence. Each additional agent requires 25 additional incremental licences. Agents monitoring AD FS, AD Connect and AD DS are considered separate agents.