Azure Active Directory pricing

Identity and access management for the cloud

Azure Active Directory is a comprehensive, highly available identity and access management cloud solution that combines core directory services, advanced identity governance and application access management. Azure Active Directory also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralised policy and rules.

Pricing details

Azure Active Directory comes in four editions—Free, Basic, Premium P1, and Premium P2. The Free edition is included with an Azure subscription. The Basic and Premium editions are available through a Microsoft Enterprise Agreement, the Open Volume License Programme and the Cloud Solution Providers programme. Azure and Office 365 subscribers can also buy Azure Active Directory Basic and Premium P1 and P2 online. Sign in here to purchase.


A proper license is required if a user benefits directly or indirectly from any feature covered by that license.
Free Basic Premium P1 Premium P2
Common Features
Directory Objects 1 5,00,000 Object Limit No Object Limit No Object Limit No Object Limit
User/Group Management (add/update/delete)/ User-based provisioning, Device registration Available Available Available Available
Single Sign-On (SSO) 10 apps per user2 (pre-integrated SaaS and developer-integrated apps) 10 apps per user2 (free tier + Application proxy apps) No Limit (free, Basic tiers + Self-Service App Integration templates5) No Limit (free, Basic tiers + Self-Service App Integration templates5)
B2B Collaboration 7 Available Available Available Available
Self-Service Password Change for cloud users Available Available Available Available
Connect (Sync engine that extends on-premises directories to Azure Active Directory) Available Available Available Available
Security/Usage Reports 3 Basic Reports 3 Basic Reports Advanced Reports Advanced Reports
Premium + Basic Features
Group-based access management/provisioning Not available Available Available Available
Self-Service Password Reset for cloud users Not available Available Available Available
Company Branding (Logon Pages/Access Panel customisation) Not available Available Available Available
Application Proxy Not available Available Available Available
SLA Not available Available Available Available
Premium Features
Self-Service Group and app Management/Self-Service application additions/Dynamic Groups Not available Not available Available Available
Self-Service Password Reset/Change/Unlock with on-premises writeback Not available Not available Available Available
Device objects two-way synchronisation between on-premises directories and Azure AD (Device write-back) Not available Not available Available Available
Multi-Factor Authentication (Cloud and On-premises (MFA Server)) --3 --3 Available Available
Microsoft Identity Manager user CAL4 Not available Not available Available Available
Cloud App Discovery Not available Not available Available Available
Connect Health6 Not available Not available Available Available
Automatic password rollover for group accounts Not available Not available Available Available
Conditional Access based on group and location Not available Not available Available Available
Conditional Access based on device state (Allow access from managed devices) Not available Not available Available Available
Identity Protection Not available Not available Not available Available
Privileged Identity Management Not available Not available Not available Available
Azure Active Directory Join – Windows 10 only features
Join a device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator Bitlocker recovery Available Available Available Available
MDM auto-enrollment, Self-Service Bitlocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming Not available Not available Available Available

1 Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

2 With Azure AD Free and Azure AD Basic, end users who have been assigned access to SaaS apps can get SSO access to up to 10 apps. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time.

3 Multi-Factor Authentication is available for Azure AD Free and Azure AD Basic, when you create a Multi-Factor Authentication Provider by the 'per user' or 'per authentication' billing/usage model. Pricing for MFA per-user and per-authentication options is described here.

4 Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.

5 Self-service integration of any application supporting SAML, SCIM or forms-based authentication by using templates provided in the application gallery menu. For more details, please read this article.

6 First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring AD FS, AD Connect and AD DS are considered separate agents.

7 Azure AD allows for B2B collaboration by enabling the use of a select set of Azure AD features to guest users. A guest user is someone outside of your organisation who is invited into your Azure AD tenant. Guest users are not employees, contractors or onsite agents for you or your affiliates. While some features are free, for any paid Azure AD features, guest users must be licensed as follows: with each Azure AD edition license which you own for an employee or a non-guest user in your tenant, you will also be able to invite up to five guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase.There is no charge for inviting a guest user and assigning him/her to an application in Azure AD, for up to ten apps per guest user. Other features of Azure AD 'Free' edition, such as, three basic reports, are also free for guest users. For paid Azure AD features which are extended to guest users, the inviting tenant will need the appropriate number of Basic or Premium P1 or Premium P2 licenses to cover guest users, in the one license: five users ratio as described above. For e.g. one Azure AD Basic license will allow for up to five guest users to be set up for Group Based Access Management and Provisioning. For the 6th guest user, you will need another Azure AD Basic license. Similarly, one Azure AD Premium P1 license will allow for up to five guest users to use Multi-factor authentication feature (plus any Azure AD Basic features). For the 6th guest user who uses MFA, you will need a second Azure AD Premium P1 license.

Basic

Designed for task workers with cloud-first needs, this edition provides cloud centric application access and self-service identity management solutions. With the Basic edition of Azure Active Directory, you get productivity enhancing and cost reducing features like group-based access management, self-service password reset for cloud applications and Azure Active Directory Application Proxy (to publish on-premises web applications using Azure Active Directory), all backed by an enterprise-level SLA of 99.9 percent uptime.

Enterprise Agreement Online
Price Contact your Enterprise Agreement representative $1 user/month*

*Annual commitment

Premium P1

Designed to empower organisations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management (IAM) and security in the cloud.

Enterprise Agreement Online
Price Contact your Enterprise Agreement representative $6 user/month*

*Annual commitment

Premium P2

Azure Active Directory Premium P2 includes every feature of all other Azure Active Directory editions enhanced with advanced identity protection and privileged identity management capabilities.

Enterprise Agreement Online
Price Contact your Enterprise Agreement representative $9 user/month*

*Annual commitment

Azure AD B2B Collaboration

Azure AD allows for B2B collaboration by enabling the use of a select set of Azure AD features to guest users who are invited into the Azure AD tenant. While some features are free, for any paid Azure AD features, guest users must be licensed as follows—with each Azure AD edition license that you own for an employee or a non-guest user in your tenant, you will also be able to invite up to 5 guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase.

  • There is no charge for inviting a guest user and assigning him/her to an application in Azure AD, for up to 10 apps per guest user. Other features of Azure AD 'Free' edition, such as, three basic reports, are also free for guest users.
  • For paid Azure AD features which are extended to guest users, the inviting tenant will need the appropriate number of Basic or Premium P1 or Premium P2 licenses to cover guest users, in the 1 license: 5 users ratio as described above. For e.g. 1 Azure AD Basic license will allow for up to 5 guest users to be set up for Group Based Access Management and Provisioning. For the 6th guest user, you will need another Azure AD Basic license. Similarly, 1 Azure AD Premium P1 license will allow for up to 5 guest users to use Multi-factor authentication feature (plus any Azure AD Basic features). For the 6th guest user who uses MFA, you will need a second Azure AD Premium P1 license.

Azure AD Access Control

Azure AD Access Control is free.

Already have Azure Active Directory Premium? Manage your licenses here.

Support & SLA

  • Technical support for Azure Active Directory Free, Basic and Premium is available through Azure Support, starting at $29/month. Billing and subscription management support is provided for free.
  • Service Level Agreement (SLA): Azure Active Directory Basic and Premium editions guarantee a 99.9% monthly availability. Free services, such as Azure Active Directory Free and Access Control, do not have an SLA. For more details, visit the Azure SLA page.

FAQs

  • You will need an Azure or Office 365 subscription. You can use an existing subscription or set up a new one and then sign in to the Office 365 portal with your credentials to buy Azure AD licenses. This video explains how.

  • To manage your Azure Active Directory Basic, Premium P1 or P2, or Enterprise Mobility and Security licenses, sign in here with your credentials.

  • Enterprise Mobility and Security E3 licenses include Azure Active Directory Premium P1 and Enterprise Mobility and Security E5 licenses include Azure Active Directory Premium P2.

Resources

Estimate your monthly costs for Azure services

Review Azure pricing frequently asked questions

Learn more about Azure Active Directory

Review technical tutorials, videos, and more resources

Added to estimate. Press 'v' to view on calculator View on calculator

Protect your business with Azure Active Directory Premium

Free account