Comparing generally available features of the Free, Basic, and Premium editions

Azure Active Directory Free Azure Active Directory BasicAzure Active Directory Premium P1Azure Active Directory Premium P2Office 365 apps only
Common features Directory objects1500,000 object limitNo object limit No object limit No object limit No object limit for Office 365 user accounts
User/group management (add/update/delete), user-based provisioning, device registration, password change, synchronization tools for “on-premises to cloud” directory integration (Azure AD Connect)Yes Yes Yes Yes Yes
Single Sign-On (SSO) 10 apps per user2 (pre-integrated SaaS and developer-integrated apps)10 apps per user2 (free tier + Application proxy apps) No limit (free, Basic tiers + Self-Service App Integration templates3)No limit (free, Basic tiers + Self-Service App Integration templates3)10 apps per user2 (pre-integrated SaaS and developer-integrated apps)
B2B collaboration4Yes Yes Yes Yes Yes
Security/usage reportsBasic reportsBasic reportsAdvanced reportsAdvanced reportsBasic reports
Premium + Basic featuresGroup-based access management/provisioningYesYesYes
Self-service password reset for cloud usersYesYesYesYes
Company branding (logon pages/access panel customization)YesYesYesYes
Application proxyYesYesYes
SLA 99.9%YesYesYesYes
Premium featuresSelf-Service Group and app Management/Self-Service application additions/ Dynamic GroupsYesYes
Self-service password reset/change/unlock with write-back to on-premises directoriesYes Yes
Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back)Yes Yes
Multi-Factor Authentication (cloud and on-premises (MFA server))Yes5Yes5Yes Yes Limited cloud-only for Office 365 apps
Microsoft Identity Manager user CAL6YesYes
Cloud app discoveryYesYes
Connect Health7Yes Yes
Conditional access based on group and locationYes Yes
Conditional access based on device state (allow access from managed/domain joined devices)YesYes
Identity Protection / Conditional access based on sign-in or user riskYes
Privileged Identity ManagementYes
Windows 10 + Azure AD Join related featuresJoin a Windows 10 device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator Bitlocker recoveryYes Yes Yes Yes Yes
Windows 10 + Azure AD Join related featuresMDM auto-enrollment, Self-service Bitlocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State RoamingYes Yes
Common features
Directory objects1
Azure Active Directory Free
500,000 object limit
Azure Active Directory Basic
No object limit
Azure Active Directory Premium P1
No object limit
Azure Active Directory Premium P2
No object limit
Office 365 apps only
No object limit for Office 365 user accounts
User/group management (add/update/delete), user-based provisioning, device registration, password change, synchronization tools for “on-premises to cloud” directory integration (Azure AD Connect)
Azure Active Directory Free
Yes
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Yes
Single Sign-On (SSO)
Azure Active Directory Free
10 apps per user2 (pre-integrated SaaS and developer-integrated apps)
Azure Active Directory Basic
10 apps per user2 (free tier + Application proxy apps)
Azure Active Directory Premium P1
No limit (free, Basic tiers + Self-Service App Integration templates3)
Azure Active Directory Premium P2
No limit (free, Basic tiers + Self-Service App Integration templates3)
Office 365 apps only
10 apps per user2 (pre-integrated SaaS and developer-integrated apps)
B2B collaboration4
Azure Active Directory Free
Yes
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Yes
Security/usage reports
Azure Active Directory Free
Basic reports
Azure Active Directory Basic
Basic reports
Azure Active Directory Premium P1
Advanced reports
Azure Active Directory Premium P2
Advanced reports
Office 365 apps only
Basic reports
Premium + Basic features
Group-based access management/provisioning
Azure Active Directory Free
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Self-service password reset for cloud users
Azure Active Directory Free
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Yes
Company branding (logon pages/access panel customization)
Azure Active Directory Free
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Yes
Application proxy
Azure Active Directory Free
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
SLA 99.9%
Azure Active Directory Free
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Yes
Premium features
Self-Service Group and app Management/Self-Service application additions/ Dynamic Groups
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Self-service password reset/change/unlock with write-back to on-premises directories
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back)
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Multi-Factor Authentication (cloud and on-premises (MFA server))
Azure Active Directory Free
Yes5
Azure Active Directory Basic
Yes5
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Limited cloud-only for Office 365 apps
Microsoft Identity Manager user CAL6
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Cloud app discovery
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Connect Health7
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Conditional access based on group and location
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Conditional access based on device state (allow access from managed/domain joined devices)
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Identity Protection / Conditional access based on sign-in or user risk
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Yes
Office 365 apps only
Privileged Identity Management
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Yes
Office 365 apps only
Windows 10 + Azure AD Join related features
Join a Windows 10 device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator Bitlocker recovery
Azure Active Directory Free
Yes
Azure Active Directory Basic
Yes
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Yes
Windows 10 + Azure AD Join related features
MDM auto-enrollment, Self-service Bitlocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Yes
Azure Active Directory Premium P2
Yes
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only
Azure Active Directory Free
Azure Active Directory Basic
Azure Active Directory Premium P1
Azure Active Directory Premium P2
Office 365 apps only

1Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

2With Azure AD Free and Azure AD Basic, end users who have been assigned access to SaaS apps can get SSO access to up to 10 apps. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time.

3Self-service integration of any application supporting SAML, SCIM, or forms-based authentication by using templates provided in the application gallery menu. For more details, please read this article.

4Azure AD allows for B2B collaboration by enabling the use of a select set of Azure AD features to guest users who are invited into the Azure AD tenant. While some features are free, for any paid Azure AD features, guest users must be licensed as follows: with each Azure AD paid edition license that you own for an employee or a non-guest user in your tenant, you will also be able to invite up to 5 guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase. There is no charge for inviting a guest user and assigning him/her to an application in Azure AD, for up to 10 apps per guest user. For paid Azure AD features that are extended to guest users, the inviting tenant will need the appropriate number of Basic or Premium P1 or Premium P2 licenses to cover guest users, in the 1 license: 5 users ratio as described above.

5Multi-Factor Authentication is available for Azure AD Free and Azure AD Basic, when you create a Multi-Factor Authentication Provider by the 'per user' or 'per authentication' billing/usage model. Pricing for MFA per-user and per-authentication options is described here.

6Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.

7First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring AD FS, AD Connect, and AD DS are considered separate agents.

Back To Top
close-button