Azure Active Directory (AD) pricing

Identity and access management for the cloud

Microsoft Azure Active Directory is a comprehensive identity and access management cloud solution that combines core directory services, application access management and advanced identity protection.

Pricing details

Azure Active Directory comes in four editions—Free, Office 365 apps edition, Premium P1, and Premium P2. The Free edition is included with an Azure subscription. The Premium editions are available through your Microsoft representative, the Open Volume License Program, and the Cloud Solution Providers program. Azure and Office 365 subscribers can also buy Azure Active Directory Premium P1 and P2 online. Sign in here to purchase.

Free Office 365 apps Premium P1 Premium P2
Core Identity and Access Management
Directory Objects1 5,00,000 Object Limit No Object Limit No Object Limit No Object Limit
Single Sign-On (SSO) 2 up to 10 apps up to 10 apps Unlimited Unlimited
Easy provisioning Available Available Available Available
Federated Authentication (ADFS or 3rd party IDP) Available Available Available Available
User and group management (add/update/delete) Available Available Available Available
Device registration Available Available Available Available
Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO) Available Available Available Available
Azure AD Connect sync (extend on-premises directories to Azure AD) Available Available Available Available
Self-Service Password Change for cloud users Available Available Available Available
Azure AD Join: desktop SSO and administrator bitlocker recovery Available Available Available Available
Password Protection (global banned password) Available Available Available Available
Multi-Factor Authentication 3 Available Available Available Available
Basic security and usage reports Available Available Available Available
Business to Business Collaboration
Azure AD features for guest users4 Available Available Available Available
Identity and Access Management for Office 365 apps
Company branding (customization of logon and logout pages, access panel) Not available Available Available Available
Group access management Not available Available Available Available
Self-service password reset for cloud users Not available Available Available Available
Service Level Agreement (SLA) Not available Available Available Available
Device objects two-way synchronisation between on-premises directories and Azure AD (Device write-back) Not available Available Available Available
Premium Features
Password Protection (custom banned password) Not available Not available Available Available
Password Protection for Windows Server Active Directory (global and custom banned password) Not available Not available Available Available
Self-service password reset/change/unlock with on-premises write-back Not available Not available Available Available
Microsoft Cloud App Discovery5 Not available Not available Available Available
Azure AD Join: MDM auto enrollment and local admin policy customisation Not available Not available Available Available
Azure AD Join: self-service bitlocker recovery, enterprise state roaming Not available Not available Available Available
Advanced security and usage reports Not available Not available Available Available
Hybrid Identities
Application Proxy Not available Not available Available Available
Microsoft Identity Manager user CAL6 Not available Not available Available Available
Connect Health7 Not available Not available Available Available
Advanced Group Access Management
Dynamic groups Not available Not available Available Available
Group creation permission delegation Not available Not available Available Available
Group naming policy Not available Not available Available Available
Group expiration Not available Not available Available Available
Usage guidelines Not available Not available Available Available
Default classification Not available Not available Available Available
Conditional Access
Conditional Access based on group, location and device status Not available Not available Available Available
Azure Information Protection integration Not available Not available Available Available
SharePoint limited access Not available Not available Available Available
Terms of Use (set up terms of use for specific access) Not available Not available Available Available
Multi-Factor Authentication with Conditional Access Not available Not available Available Available
Microsoft Cloud App Security integration Not available Not available Available Available
3rd party MFA partner integrationPreview Not available Not available Available Available
3rd party identity governance partners integration Not available Not available Available Available
Identity Protection
Vulnerabilities and risky accounts detection Not available Not available Not available Available
Risk events investigation Not available Not available Not available Available
Risk based Conditional Access policies Not available Not available Not available Available
Identity Governance
Privileged Identity Management (PIM) Not available Not available Not available Available
Access Reviews Not available Not available Not available Available
Entitlement ManagementPreview Not available Not available Not available Available
Price Free Included with O365 $6 user/month $9 user/month

1 Default usage quota is 50,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

2 Authentication methods and configuration capabilities may vary by subscription, please see the documentation for more details.

3 With Azure AD Free end users who have been assigned access to SaaS apps can get SSO access to up to 10 apps. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time. All Office 365 apps are counted as one app. For P1 and P2 self-service integration of any application supporting SAML, SCIM or forms-based authentication by using templates provided in the application gallery menu. For more details, please read this article.

4 Azure AD enables the use of Azure AD features for guest users who are invited into the Azure AD tenant to collaborate. For each paid Azure AD license that you own in your tenant, you can invite up to 5 guest users to the tenant. For additional guests beyond the 5th one you will need to purchase additional Azure AD paid licenses to cover the ratio required. The features you can extend to guest users must match paid Azure AD license editions i.e.1 Azure AD P1 license enables you to invite up to 5 guest users to use P1 capabilities. If guest user requires use of a P2 capability, a Azure AD P2 license is required.

5 To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.

6 Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.

7 First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring AD FS, AD Connect and AD DS are considered separate agents.

Premium P1

Designed to empower organisations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management (IAM) and security in the cloud.

Microsoft Representative Online
Price Contact your Microsoft representative $6 user/month*

*Annual commitment

Premium P2

Azure Active Directory Premium P2 includes every feature of all other Azure Active Directory editions enhanced with advanced identity protection and privileged identity management capabilities.

Microsoft Representative Online
Price Contact your Microsoft representative $9 user/month*

*Annual commitment

Support & SLA

  • Technical support for Azure Active Directory Free and Premium is available through Azure Support, starting at $29/month. Billing and account management support is provided at no cost.
  • Service Level Agreement (SLA): Azure Active Directory Premium editions guarantee a 99.9% monthly availability. Free services, such as Azure Active Directory Free, do not have an SLA. For more details, visit the Azure SLA page.

FAQs

  • You will need an Azure or Office 365 subscription. You can use an existing subscription or set up a new one and then sign in to the Office 365 portal with your credentials to buy Azure AD licenses. This video explains how.

  • To manage your Azure Active Directory Premium P1 or P2, or Enterprise Mobility and Security licenses, sign in here with your credentials.

  • Enterprise Mobility and Security E3 licenses include Azure Active Directory Premium P1 and Enterprise Mobility and Security E5 licenses include Azure Active Directory Premium P2.

Resources

Estimate your monthly costs for Azure services

Review Azure pricing frequently asked questions

Learn more about Azure Active Directory (AD)

Review technical tutorials, videos, and more resources

Added to estimate. Press 'v' to view on calculator

Protect your business with Azure Active Directory Premium