Azure Active Directory Subscriptions - Monthly PAYG or Annual Plans

Azure Active Directory (Azure AD) is an identity and access management-as-a-service (IDaaS) solution that combines single sign-on capabilities to any cloud and on-premises application with advanced protection. It gives your people, partners, and customers a single identity to access the applications they want and collaborate from any platform and device. And because it’s based on scalable management capabilities and risk-based access rules, Azure AD helps ensure security and streamline IT processes. Azure AD is at the core of Enterprise Mobility and Security solutions from Microsoft. Whether you’re just getting started on your cloud journey, or you already have some cloud capabilities, Azure AD can help you work faster and smarter, and more securely. Already using Microsoft 365 or Azure? You already have Azure AD and you can start using it for other SaaS apps today.

Microsoft Azure Active Directory Premium P1 Subscription
The Microsoft Azure Active Directory Premium P1 subscription, also known as Azure AD P1 or AAD P1, provides the following capabilities:

Core Identity and Access Management
Directory Objects *1
Single Sign-On (SSO) (unlimited) *2
User provisioning
Federated authentication (ADFS or third-party IDP)
User and group management (add/update/delete)
Device registration
Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO)
Azure AD Connect sync (extend on-premises directories to Azure AD)
Self-service Password Change for cloud users
Azure AD Join: desktop SSO & administrator bitlocker recovery
Password protection (global banned password)
Multi-Factor Authentication *3
Basic security and usage reports

External identities
Secure and manage customers and partners

Identity & Access Management for Office 365 apps
Company branding (customisation of login & logout pages, access panel)
Self-service password reset for cloud users
Service-level Agreement (SLA)
Device write-back (device objects two-way synchronisation between on-premises directories and Azure)

Premium Features in P1 and P2
Password protection (custom banned password)
Password protection for Windows Server Active Directory (global & custom banned password)
Self-service password reset/change/unlock with on-premises write-back
Group access management
Microsoft Cloud App Discovery *4
Azure AD Join: MDM auto-enrolment & local admin policy customisation
Azure AD Join: self-service bitlocker recovery, enterprise state roaming
Advanced security and usage reports

Hybrid identities
Application Proxy
Microsoft Identity Manager user CAL *5
Connect Health *6

Advanced Group access management
Dynamic groups
Group creation permission delegation
Group naming policy
Group expiration
Usage guidelines
Default classification

Conditional Access
Conditional Access based on group, location and device status
Azure Information Protection integration
SharePoint limited access
Terms of Use (set up terms of use for specific access)
Multi-factor authentication with conditional access
Microsoft Cloud App Security integration
Third-party identity governance partners integration

*1
Default usage quota is 50,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500,000 object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

*2
With Azure AD Free, end users who have been assigned access to SaaS apps can get unlimited SSO access to cloud apps. On-premises applications require Azure AD Application Proxy or secure hybrid partnerships integrations available with Azure AD P1 and P2.

*3
Authentication methods and configuration capabilities may vary by subscription, please see here for more details.

*4
To access the cloud app discovery features, go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.

*5
Microsoft Identity Manager Server software rights are granted with Windows Server licences (any edition). As Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate licence is required for Microsoft Identity Manager Server.

*6
First monitoring agent requires at least one licence. Each additional agent requires 25 additional incremental licences. Agents monitoring AD FS, AD Connect and AD DS are considered separate agents.
Microsoft Azure Active Directory Premium P2 Subscription
The Azure Active Directory Premium P2 subscription, also known as Azure AD Premium P2 or AAD P2 subscription, provides the following capabilities:

Core Identity and Access Management
Directory Objects *1
Single Sign-On (SSO) (unlimited) *2
User provisioning
Federated authentication (ADFS or third-party IDP)
User and group management (add/update/delete)
Device registration
Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO)
Azure AD Connect sync (extend on-premises directories to Azure AD)
Self-service Password Change for cloud users
Azure AD Join: desktop SSO & administrator bitlocker recovery
Password protection (global banned password)
Multi-Factor Authentication *3
Basic security and usage reports

External identities
Secure and manage customers and partners

Identity & Access Management for Office 365 apps
Company branding (customisation of login & logout pages, access panel)
Self-service password reset for cloud users
Service-level Agreement (SLA)
Device write-back (device objects two-way synchronisation between on-premises directories and Azure)

Premium Features in P1 and P2
Password protection (custom banned password)
Password protection for Windows Server Active Directory (global & custom banned password)
Self-service password reset/change/unlock with on-premises write-back
Group access management
Microsoft Cloud App Discovery *4
Azure AD Join: MDM auto-enrolment & local admin policy customisation
Azure AD Join: self-service bitlocker recovery, enterprise state roaming
Advanced security and usage reports

Hybrid identities
Application Proxy
Microsoft Identity Manager user CAL *5
Connect Health *6

Advanced Group access management
Dynamic groups
Group creation permission delegation
Group naming policy
Group expiration
Usage guidelines
Default classification

Conditional Access
Conditional Access based on group, location and device status
Azure Information Protection integration
SharePoint limited access
Terms of Use (set up terms of use for specific access)
Multi-factor authentication with conditional access
Microsoft Cloud App Security integration
Third-party identity governance partners integration

Premium P2 Exclusive Features
Identity protection
Vulnerabilities and risky accounts detection
Risk events investigation
Risk-based Conditional Access policies

Identity Governance
Privileged Identity Management (PIM)
Access reviews
Entitlement management

*1 Default usage quota is 50,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500,000 object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

*2 With Azure AD Free, end users who have been assigned access to SaaS apps can get unlimited SSO access to cloud apps. On-premises applications require Azure AD Application Proxy or secure hybrid partnerships integrations available with Azure AD P1 and P2.

*3 Authentication methods and configuration capabilities may vary by subscription, please see here for more details.

*4 To access the cloud app discovery features, go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.

*5 Microsoft Identity Manager Server software rights are granted with Windows Server licences (any edition). As Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate licence is required for Microsoft Identity Manager Server.

*6 First monitoring agent requires at least one licence. Each additional agent requires 25 additional incremental licences. Agents monitoring AD FS, AD Connect and AD DS are considered separate agents.
Microsoft Azure Information Protection Premium P1 Subscription
The Azure Information Protection (AIP) subscription provides a cloud-based service used to encrypt data and restrict some functions via a content labeling system. These labels prevent unauthorized actions such as printing, viewing, copying and downloading content, based on the organisation's policy.

AIP provides a capability for companies that must restrict access and functionality to sensitive digital assets. Organisations in certain industries, such as healthcare, legal, manufacturing or financial services, must comply with regulations that require sensitive data to have tighter restrictions.

AIP supports many content types, including email, text, image, Microsoft Office files and PDFs. AIP protects files stored in on-premises file servers and in cloud platforms, such as SharePoint Online and OneDrive for Business.

Access to information can also be controlled by specifying permissions on shared data. It’s simple to use and deeply integrated with Office 365.

Information Protection helps organisations discover, classify, label, and protect sensitive documents and emails.
Admins can define rules and conditions to apply labels automatically, users can apply labels manually, or a combination of the two can be used - where users are given recommendations on applying labels.
Microsoft Defender for Identity Subscription
The Microsoft Defender for Identity subscription is designed to help you protect your enterprise from advanced targeted attacks by automatically analysing, learning, and identifying normal and abnormal entity (user, devices, and resources) behaviour.

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organisation.

Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
• Monitor users, entity behavior, and activities with learning-based analytics
• Protect user identities and credentials stored in Active Directory
• Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
• Provide clear incident information on a simple timeline for fast triage

Monitor and profile user behavior and activities
• Defender for Identity monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioural baseline for each user. Defender for Identity then identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organisation. Defender for Identity's proprietary sensors monitor organisational domain controllers, providing a comprehensive view for all user activities from every device.

Protect user identities and reduce the attack surface
• Defender for Identity provides you invaluable insights on identity configurations and suggested security best-practices. Through security reports and user profile analytics, Defender for Identity helps dramatically reduce your organisational attack surface, making it harder to compromise user credentials, and advance an attack. Defender for Identity's visual Lateral Movement Paths help you quickly understand exactly how an attacker can move laterally inside your organisation to compromise sensitive accounts and assists in preventing those risks in advance. Defender for Identity security reports help you identify users and devices that authenticate using clear-text passwords and provide additional insights to improve your organisational security posture and policies.

Protecting the AD FS in hybrid environments
• Active Directory Federation Services (AD FS) plays an important role in today's infrastructure when it comes to authentication in hybrid environments. Defender for Identity protects the AD FS in your environment by detecting on-premises attacks on the AD FS and providing visibility into authentication events generated by the AD FS.

Identify suspicious activities and advanced attacks across the cyber-attack kill-chain
• Typically, attacks are launched against any accessible entity, such as a low-privileged user, and then quickly move laterally until the attacker gains access to valuable assets – such as sensitive accounts, domain administrators, and highly sensitive data. Defender for Identity identifies these advanced threats at the source throughout the entire cyber-attack kill chain:

Reconnaissance
• Identify rogue users and attackers' attempts to gain information. Attackers are searching for information about user names, users' group membership, IP addresses assigned to devices, resources, and more, using a variety of methods.

Compromised credentials
• Identify attempts to compromise user credentials using brute force attacks, failed authentications, user group membership changes, and other methods.

Lateral movements
• Detect attempts to move laterally inside the network to gain further control of sensitive users, utilizing methods such as Pass the Ticket, Pass the Hash, Overpass the Hash and more.

Domain dominance
• Highlight attacker behavior if domain dominance is achieved, through remote code execution on the domain controller, and methods such as DC Shadow, malicious domain controller replication, Golden Ticket activities, and more.

Investigate alerts and user activities
• Defender for Identity is designed to reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organisational attack timeline. The Defender for Identity attack timeline view allows you to easily stay focused on what matters, leveraging the intelligence of smart analytics. Use Defender for Identity to quickly investigate threats, and gain insights across the organisation for users, devices, and network resources. Seamless integration with Microsoft Defender for Endpoint provides another layer of enhanced security by additional detection and protection against advanced persistent threats on the operating system.
Microsoft Azure - Platform
Solve your business problems with proven combinations of Azure products and services. Get started with sample architectures and documentation.
• Application development
• Development and testing
Simplify and accelerate development and testing (dev/test) across any platform
• DevOps
Bring together people, processes, and products to continuously deliver value to customers and coworkers.
• DevSecOps
Integrate security into every aspect of the software delivery lifecycle.
• E-commerce
Give customers what they want with a personalized, scalable, and secure shopping experience
• Game development
Build, quickly launch, and reliably scale your games across platforms, and refine based on analytics.
• Internet of Things
Find new insights by collecting untapped data from connected devices, assets, and sensors.
• Low code application development on Azure
Turn your ideas into applications faster using the right tools for the job.
• Microservice applications
Create reliable apps and functionalities at scale and bring them to market faster.
• Mobile
Reach your customers everywhere, on any device, with a single mobile app build.
• Modern application development
Respond to changes faster, optimize costs, and ship confidently.
• Serverless computing
Build apps faster by not having to manage infrastructure.
• Messaging services on Azure
Connect modern applications with a comprehensive set of messaging services on Azure
• AI
• AI
Build mission-critical solutions to analyse images, comprehend speech, and make predictions using data.
• Knowledge mining
Uncover latent insights from across all of your business data with AI.
• Cloud migration
• .NET apps migration
Optimize costs, operate confidently, and ship features faster by migrating your ASP.NET web apps to Azure.
• Azure migration centre
Save money and improve efficiency by migrating your workloads to Azure with proven tools and guidance.
• Development and testing
Simplify and accelerate development and testing (dev/test) across any platform
• Linux migration
Run your preferred Linux distribution on Azure—using the same tools and commands you’re used to.
• Mainframe migration
Reduce infrastructure costs by moving your mainframe apps to Azure.
• SAP on Azure
Bring the intelligence, security, and reliability of Azure to your SAP applications.
• SQL Server migration
Move your SQL Server databases to Azure with few or no application code changes.
• Windows Server migration
Run your Windows workloads on the trusted cloud for Windows Server.
• Open-source database migration
Explore tools and resources for migrating open-source databases to Azure while reducing costs
• Data and analytics
• Blockchain
Reduce fraud and accelerate verifications with immutable shared record keeping.
• Business intelligence
Drive faster, more efficient decision making by drawing deeper insights from your analytics.
• Cloud-scale analytics
Transform any data into timely insights at enterprise scale.
• Internet of Things
Find new insights by collecting untapped data from connected devices, assets, and sensors.
• Azure IoT for safer workplaces
Create a safer workplace as you resume onsite operations.
• Azure managed databases
Build cloud-native applications or modernize existing applications with fully managed databases
• Hybrid cloud and infrastructure
• Backup and disaster recovery
Minimize disruption to your business with cost-effective backup and disaster recovery solutions.
• High-performance computing (HPC)
Get fully managed, single tenancy supercomputers with high-performance storage and no data movement.
• Hybrid and multicloud solutions
Bring innovation anywhere to your hybrid environment across on-premises, multicloud, and the edge
• Ultra-low-latency edge computing
Provide rich, seamless customer experiences in real time and significantly reduce latency concerns.
• Business-critical applications
Run your mission-critical applications on Azure for increased operational agility and security.
• Security and governance
• Azure governance
Ensure compliance using built-in cloud governance capabilities.
• Backup and disaster recovery
Minimize disruption to your business with cost-effective backup and disaster recovery solutions.
• Confidential computing
Protect your data and code while they’re in use in the cloud.
• Azure network security
Cloud-native network security for protecting your applications, network, and workloads.
• Industry solutions
• Energy
Optimize everything from field work to customer experiences to speed response rates and reduce costs.
• Financial services
Personalize customer experiences, modernize financial systems, and optimize risk management.
• Game development
Build, quickly launch, and reliably scale your games across platforms, and refine based on analytics.
• Government
Implement remote government access, empower cross-agency collaboration, and deliver secure services.
• Health and life sciences
Enhance patient engagement, empower provider collaboration, and improve operational insights.
• Manufacturing
Uncover new operational efficiencies, reduce costs, and generate new revenue opportunities.
• Media and entertainment
Create content more quickly, collaborate from everywhere, and deliver seamless customer experiences.
• Retail
Personalize customer experiences, empower your employees, and optimize supply chains.