Azure AD Premium P1 vs. P2: Which one to choose? (2023)

Microsoft365offers countless licenses to choose from. If you plan to implement some security features for your users in the cloud and make a comparison between Azure AD Premium P1 and P2, this article will surely interest you. If you're not sure about the differences between Azure AD Premium P1 and P2 licenses, stay here.

Prerequisites

To view all the services listed in this article, make sure you meet the following requirements beforehand.

• OneAzure subscription:
• You are logged inBrama Azurniwith user account srole of global administrator.

Bundled with other services

If you haven't purchased Azure AD Premium P1 and Azure AD Premium P2 licenses, you may already have them, but you just don't know it. These two licenses are actually included in other Microsoft 365 services as shown below.

Azure AD Premium P1 and Azure AD Premium P2 are licenses that meet your organization's Advanced Identity Protection requirements.

AAD Premium Plan 2 has all the features of P1. However, it adds more security features, namely:

• Expose vulnerabilities and dangerous accounts
• Privileged Identity Management (PIM)
• Access to reviews

Ask yourself these questions if you're ready for P2 instead of P1.

• Want to discover unsafe accounts with your tenant?
• Do you want to be informed about threats such as password hashing attacks, informal routes, credential leaks, etc.?
• Do your security requirements comply with the general Conditional Access policies?
• Or would you like the Conditional Access policy to be extended to block access also for dangerous connections?
• Does MFA only cover admin account security needs?
• Or do you want to add another layer of protection via Privileged Identity Management?

These questions can be answered if you have a good understanding of what these security mechanisms provide and how they can be used to achieve your goals.

You will learn about all the different services you get with the P2 license later in this article.

Disclosure of risky accounts

If you want to audit user logins in Azure and then take manual action on them, you can choose the Azure AD Premium P1 license. However, if you want:

• Create risk policies and related actions for user accounts
• Use conditional access rules based on unsafe connections
• See the Azure security report

Azure AD Premium P2 would be a suitable license for your environment.

Let's take a look at these advanced features. Assuming you're logged into the Azure portal, go toIdentity protectionwhere you will find all the features listed below.

Report

There are three types of reports available in the AAD Premium P2 plan.

Report dangerous users

This report will show user accounts that may have been compromised. An example is shown here:

The administrator can review this report and then decide what to do next. Risk levels can be low, medium and high. Various actions contribute to the difficulty of the levels.

Administrators can take action based on risk factors. In the example below, you can block the user, mark him as a false positive, or even confirm that the user's account has been compromised.

You also have the option of additional review of identified threats and risk reports.

Risk Report

Some apps may be suspicious. Withrisk applicationsreports, they can be easily located as shown below.

(Video) What is Azure Active Directory, Basic, P1 & P2

The screenshot below shows the compromised user credentials. This app is considered a high risk app with two related threats. Here you have the same actions as in the "at risk users" section.

Risk Disclosure Report

This report shows the type of risk detected. This can be useful if you want to see the activities that trigger this type of alert in your organization.

Identity Protection Policy

If you don't like more advanced reports, maybe a fewidentity protection rulesmoc.

In Azure, you'll find different types of identity protection policies that are only available with AAD Premium P2 licenses.

User Risk Policy

If you want to take certain predefined actions on accounts that are classified as "at risk", you need to define a user risk policy. This policy is enabled by default. However, you can modify it to suit your requirements.

In the screenshot above, you'll see a rule that applies to all users. The policy only applies when the risk level is "high" and the action is to block access. Other options are available, such as allowing access and requesting a password reset.

Application Risk Policy

There is a default rule that defines actions against users with unsafe connections. In the example below, you'll notice that the rule applies to a group. It also mentions that it will be useful for user accounts with a medium to higher login risk. The final step is the implementation of the Ministry of Foreign Affairs.

MFA registration rules

If you want to request MFA registration for one or more accounts, you can submit this request viaMFA registration rulesas shown below. With this policy, you can enable MFA for all users or a set of users.

Custom Conditional Access rules

If you want to implement a granular level of access control, such as applying policies to some users and not others, you must use custom Conditional Access policies.

You may have noticed that some users are at risk of logging in and users listed as at risk due to multiple logins in their ActiveSync profiles. It can also be seen that almost all of these efforts come from three specific countries.

You can create a conditional policy to enforce MFA when there are users classified as high risk and when sign-in risk is also high. Another condition added here is that the policy should affect when an ActiveSync connection originates from these three countries.

Privacy information

If you want to receive regular notifications about unsafe links, another useful feature that comes with the P2 license isprivacy information.

Warnings for at-risk users

These notifications are configured by default for AAD Premium P2 tenants. By default, notifications are sent to global administrators, security administrators, and security readers. The risk level can be adjusted as needed.

The email is received in the format shown below:

Weekly summary by email

This report is also sent to the same administrators as mentioned in the previous section. The email contains compromised new users and compromised credentials. It also contains information about administrator role assignments outside of privileged identity management. We will discuss PIM in the next section.

Azure AD Privileged Identity Management (PIM)

Protecting administrator accounts is essential. Azure AD PIM is a feature that improves security protection.

There are several reasons to consider this feature from a security standpoint. PIM does the following:

• Can be used to provide access to resources based on permissions.
• Access can be time-limited, meaning that access expires automatically after a certain period of time.
• Administrators must provide a reason for enabling certain roles.
• MFA will be enforced after role activation.
• Global admins and security admins will be notified via email whenever any role is activated by PIM.

Adding users to PIM is shown below:

• Access the PIM block in Azure.
• Click "Azure AD Roles".
• Select "Roles".
• Click "Privileged Admin Role".
• Select "Add Tasks" and select the user you want to enable PIM for and proceed to Next.
• On the next page, confirm whether you want this role to be "Permanent" or "Accepted".

PIM is a powerful tool for controlling access to critical resources in your tenant.

Access to reviews

If you want to make sure that enabling and disabling employees also controls their roles in admin accounts, Access Reviews will certainly help you with this.

Access views can be created for groups and administrator roles. These reviews help us understand if existing admins need the role. For example, I ran an access scan to verify the global administrator role.

Now you can decide whether the access control result should be approved or rejected. There are also settings after completion.

Abstract

Azure AD Premium Plan 1 and Plan 2 are similar in many ways. The AAD Premium P1 license has many advantages with many security features such as password protection. Including self-service password reset, conditional access and hybrid identities. In my experience, this license should be sufficient for many organizations.

However, the areas where the AAD Premium P2 license gives you more than P2 are quite significant in terms of security. And that is why the crisis is heading in this direction.

The main differences between AAD Premium P1 and P2 are as follows:

Azure AD Premium 2 has richer security features. However, they come with additional costs compared to Azure AD Premium 1. Therefore, you should weigh the pros and cons before deciding which one to choose.

Further reading

To learn more about this topic, please follow the links below:

• Cijene Azure Active Directory