Azure AD Premium P1 vs. P2: Which one to choose? (2023)


Microsoft365offers countless licenses to choose from. If you plan to implement some security features for your users in the cloud and make a comparison between Azure AD Premium P1 and P2, this article will surely interest you. If you're not sure about the differences between Azure AD Premium P1 and P2 licenses, stay here.


To view all the services listed in this article, make sure you meet the following requirements beforehand.

Bundled with other services

If you haven't purchased Azure AD Premium P1 and Azure AD Premium P2 licenses, you may already have them, but you just don't know it. These two licenses are actually included in other Microsoft 365 services as shown below.

Azure AD Premium P1 vs. P2: Which one to choose? (1)

Azure AD Premium P1 and Azure AD Premium P2 are licenses that meet your organization's Advanced Identity Protection requirements.

AAD Premium Plan 2 has all the features of P1. However, it adds more security features, namely:

  • Expose vulnerabilities and dangerous accounts
  • Privileged Identity Management (PIM)
  • Access to reviews

Ask yourself these questions if you're ready for P2 instead of P1.

  • Want to discover unsafe accounts with your tenant?
  • Do you want to be informed about threats such as password hashing attacks, informal routes, credential leaks, etc.?
  • Do your security requirements comply with the general Conditional Access policies?
  • Or would you like the Conditional Access policy to be extended to block access also for dangerous connections?
  • Does MFA only cover admin account security needs?
  • Or do you want to add another layer of protection via Privileged Identity Management?

These questions can be answered if you have a good understanding of what these security mechanisms provide and how they can be used to achieve your goals.

You will learn about all the different services you get with the P2 license later in this article.

(Video) AZ-104:- Select Azure Active Directory Editions ? Azure Active Directory Premium P1 & P2

Disclosure of risky accounts

If you want to audit user logins in Azure and then take manual action on them, you can choose the Azure AD Premium P1 license. However, if you want:

  • Create risk policies and related actions for user accounts
  • Use conditional access rules based on unsafe connections
  • See the Azure security report

Azure AD Premium P2 would be a suitable license for your environment.

Let's take a look at these advanced features. Assuming you're logged into the Azure portal, go toIdentity protectionwhere you will find all the features listed below.


There are three types of reports available in the AAD Premium P2 plan.

Report dangerous users

This report will show user accounts that may have been compromised. An example is shown here:

Azure AD Premium P1 vs. P2: Which one to choose? (2)

The administrator can review this report and then decide what to do next. Risk levels can be low, medium and high. Various actions contribute to the difficulty of the levels.

Administrators can take action based on risk factors. In the example below, you can block the user, mark him as a false positive, or even confirm that the user's account has been compromised.

You also have the option of additional review of identified threats and risk reports.

Azure AD Premium P1 vs. P2: Which one to choose? (3)

Risk Report

Some apps may be suspicious. Withrisk applicationsreports, they can be easily located as shown below.

Azure AD Premium P1 vs. P2: Which one to choose? (4)
(Video) What is Azure Active Directory, Basic, P1 & P2

The screenshot below shows the compromised user credentials. This app is considered a high risk app with two related threats. Here you have the same actions as in the "at risk users" section.

Azure AD Premium P1 vs. P2: Which one to choose? (5)

Risk Disclosure Report

This report shows the type of risk detected. This can be useful if you want to see the activities that trigger this type of alert in your organization.

Azure AD Premium P1 vs. P2: Which one to choose? (6)

Identity Protection Policy

If you don't like more advanced reports, maybe a fewidentity protection rulesmoc.

In Azure, you'll find different types of identity protection policies that are only available with AAD Premium P2 licenses.

User Risk Policy

If you want to take certain predefined actions on accounts that are classified as "at risk", you need to define a user risk policy. This policy is enabled by default. However, you can modify it to suit your requirements.

Azure AD Premium P1 vs. P2: Which one to choose? (7)

In the screenshot above, you'll see a rule that applies to all users. The policy only applies when the risk level is "high" and the action is to block access. Other options are available, such as allowing access and requesting a password reset.

Application Risk Policy

There is a default rule that defines actions against users with unsafe connections. In the example below, you'll notice that the rule applies to a group. It also mentions that it will be useful for user accounts with a medium to higher login risk. The final step is the implementation of the Ministry of Foreign Affairs.

Azure AD Premium P1 vs. P2: Which one to choose? (8)

MFA registration rules

If you want to request MFA registration for one or more accounts, you can submit this request viaMFA registration rulesas shown below. With this policy, you can enable MFA for all users or a set of users.

(Video) Azure Active Directory Premium

Azure AD Premium P1 vs. P2: Which one to choose? (9)

Custom Conditional Access rules

If you want to implement a granular level of access control, such as applying policies to some users and not others, you must use custom Conditional Access policies.

You may have noticed that some users are at risk of logging in and users listed as at risk due to multiple logins in their ActiveSync profiles. It can also be seen that almost all of these efforts come from three specific countries.

You can create a conditional policy to enforce MFA when there are users classified as high risk and when sign-in risk is also high. Another condition added here is that the policy should affect when an ActiveSync connection originates from these three countries.

Privacy information

If you want to receive regular notifications about unsafe links, another useful feature that comes with the P2 license isprivacy information.

Warnings for at-risk users

These notifications are configured by default for AAD Premium P2 tenants. By default, notifications are sent to global administrators, security administrators, and security readers. The risk level can be adjusted as needed.

The email is received in the format shown below:

Azure AD Premium P1 vs. P2: Which one to choose? (10)

Weekly summary by email

This report is also sent to the same administrators as mentioned in the previous section. The email contains compromised new users and compromised credentials. It also contains information about administrator role assignments outside of privileged identity management. We will discuss PIM in the next section.

Azure AD Premium P1 vs. P2: Which one to choose? (11)

Azure AD Privileged Identity Management (PIM)

Protecting administrator accounts is essential. Azure AD PIM is a feature that improves security protection.

There are several reasons to consider this feature from a security standpoint. PIM does the following:

(Video) Need of different Licenses in Azure AD | AZ-305 | K21Academy

  • Can be used to provide access to resources based on permissions.
  • Access can be time-limited, meaning that access expires automatically after a certain period of time.
  • Administrators must provide a reason for enabling certain roles.
  • MFA will be enforced after role activation.
  • Global admins and security admins will be notified via email whenever any role is activated by PIM.

Adding users to PIM is shown below:

  • Access the PIM block in Azure.
  • Click "Azure AD Roles".
  • Select "Roles".
  • Click "Privileged Admin Role".
  • Select "Add Tasks" and select the user you want to enable PIM for and proceed to Next.
  • On the next page, confirm whether you want this role to be "Permanent" or "Accepted".
Azure AD Premium P1 vs. P2: Which one to choose? (12)

PIM is a powerful tool for controlling access to critical resources in your tenant.

Access to reviews

If you want to make sure that enabling and disabling employees also controls their roles in admin accounts, Access Reviews will certainly help you with this.

Access views can be created for groups and administrator roles. These reviews help us understand if existing admins need the role. For example, I ran an access scan to verify the global administrator role.

Azure AD Premium P1 vs. P2: Which one to choose? (13)

Now you can decide whether the access control result should be approved or rejected. There are also settings after completion.

Azure AD Premium P1 vs. P2: Which one to choose? (14)
Azure AD Premium P1 vs. P2: Which one to choose? (15)


Azure AD Premium Plan 1 and Plan 2 are similar in many ways. The AAD Premium P1 license has many advantages with many security features such as password protection. Including self-service password reset, conditional access and hybrid identities. In my experience, this license should be sufficient for many organizations.

However, the areas where the AAD Premium P2 license gives you more than P2 are quite significant in terms of security. And that is why the crisis is heading in this direction.

The main differences between AAD Premium P1 and P2 are as follows:

(Video) Activate Azure Active Directory Premium P2 License Free | Azure Active Directory Premium P2 Features

Azure AD Premium P1 vs. P2: Which one to choose? (16)

Azure AD Premium 2 has richer security features. However, they come with additional costs compared to Azure AD Premium 1. Therefore, you should weigh the pros and cons before deciding which one to choose.

Further reading

To learn more about this topic, please follow the links below:

  • Cijene Azure Active Directory


1. buying azure active directory premium p2 license
(Parisa Moosavinezhad)
2. 2. How to Get Azure AD Premium P2 Free Trial Subscription
(MSFT WebCast)
3. What's Inside Azure AD Premium Plan 1?
(MetrixData 360)
4. azure ad creating a new ad tenantand Enable Premium P2 License | Lecture 81
5. Azure Active Directory Pricing Explained | How much does Azure Active Directory cost?
(Paddy Maddy)
6. Azure AD - #1 - Overview
(Azure Academy)


Top Articles
Latest Posts
Article information

Author: Corie Satterfield

Last Updated: 07/29/2023

Views: 5549

Rating: 4.1 / 5 (42 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Corie Satterfield

Birthday: 1992-08-19

Address: 850 Benjamin Bridge, Dickinsonchester, CO 68572-0542

Phone: +26813599986666

Job: Sales Manager

Hobby: Table tennis, Soapmaking, Flower arranging, amateur radio, Rock climbing, scrapbook, Horseback riding

Introduction: My name is Corie Satterfield, I am a fancy, perfect, spotless, quaint, fantastic, funny, lucky person who loves writing and wants to share my knowledge and understanding with you.