Azure Active Directory plans and pricing
Reimagine secure access with Microsoft Entra
New event date: Join this free digital event on July 11 to hear about the latest identity and access innovations and how to strengthen your defenses with Microsoft Entra.
Choose the best version for your business
Azure Active Directory is available in four editions. Check the table below to see the features included in each edition.
|
Azure Active Directory FreeOriginally starting from Free now starting from Free Free Free
|
Office 365Originally starting from Free now starting from Free Free Free
|
Azure Active Directory Premium P1Originally starting from $6.00 now starting from $6.00 $6.00 $6.00 user/month
|
Azure Active Directory Premium P2Originally starting from $9.00 now starting from $9.00 $9.00 $9.00 user/month
|
|---|---|---|---|---|
|
||||
|
Authentication, single sign-on and multifactor authentication (MFA)
|
|
|
|
|
|
Cloud authentication
(Pass-through authentication, password hash synchronization) |
|
|
|
|
|
Federated authentication
(Active Directory Federation Services or federation with other identity providers) |
|
|
|
|
|
Single sign-on (SSO) unlimited3
|
|
|
|
|
|
Multifactor authentication (MFA)4
|
|
|
|
|
|
Passwordless
(Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations5) |
|
|
|
|
|
Service-level agreement6
|
|
|
|
|
|
Customizable user sign-in page
|
|
|
|
|
|
Applications Access
|
|
|
|
|
|
SaaS apps with modern authentication
(Azure AD application gallery apps, SAML, and OAUTH 2.0) |
|
|
|
|
|
Group assignment to applications
|
|
|
|
|
|
Cloud app discovery (Microsoft Defender for Cloud Apps)7
|
|
|
|
|
|
Application Proxy for on-premises, header-based, and Integrated Windows Authentication
|
|
|
|
|
|
Secure hybrid access partnerships8
(Kerberos, NTLM, LDAP, RDP, and SSH authentication) |
|
|
|
|
|
Authorization and Conditional Access
|
|
|
|
|
|
Role-based access control (RBAC)
|
|
|
|
|
|
Conditional Access
|
|
|
|
|
|
SharePoint limited access
|
|
|
|
|
|
Session lifetime management Learn more
|
|
|
|
|
|
Identity Protection
(Risky sign-ins, risky users, risk-based conditional access) |
|
|
|
|
|
Custom security attributes
|
|
|
|
|
|
Administration and hybrid identity
|
|
|
|
|
|
User and group management
|
|
|
|
|
|
Advanced group management
(Dynamic groups, naming policies, expiration, default classification) |
|
|
|
|
|
Directory synchronization—Azure AD Connect (sync and cloud sync)
|
|
|
|
|
|
Azure AD Connect Health reporting9
|
|
|
|
|
|
Delegated administration—built-in roles
|
|
|
|
|
|
Global password protection and management – cloud-only users
|
|
|
|
|
|
Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory
|
|
|
|
|
|
Microsoft Identity Manager user client access license (CAL)10
|
|
|
|
|
|
Cross-tenant user synchronization
|
|
|
|
|
|
End-user self-service
|
|
|
|
|
|
Application launch portal (My Apps)
|
|
|
|
|
|
User application collections in My Apps
|
|
|
|
|
|
Self-service account management portal (My Account)
|
|
|
|
|
|
Self-service password change for cloud users
|
|
|
|
|
|
Self-service password reset/change/unlock with on-premises write-back
|
|
|
|
|
|
Self-service sign-in activity search and reporting
|
|
|
|
|
|
Self-service group management (My Groups)
|
|
|
|
|
|
Self-service entitlement management (My Access)
|
|
|
|
|
|
Identity Governance
|
|
|
|
|
|
Automated user provisioning to apps
|
|
|
|
|
|
Automated group provisioning to apps
|
|
|
|
|
|
HR-driven provisioning
|
|
|
|
|
|
Terms of use attestation
|
|
|
|
|
|
Access certifications and reviews
|
|
|
|
|
|
Entitlements management
|
|
|
|
|
|
Privileged Identity Management (PIM), just-in-time access
|
|
|
|
|
|
Event logging and reporting
|
|
|
|
|
|
Basic security and usage reports
|
|
|
|
|
|
Advanced security and usage reports
|
|
|
|
|
|
Identity Protection: vulnerabilities and risky accounts
|
|
|
|
|
|
Identity Protection: risk events investigation, SIEM connectivity
|
|
|
|
|
|
Frontline workers
|
|
|
|
|
|
SMS sign-in
|
|
|
|
|
|
Shared device sign-out
|
|
|
|
|
|
Delegated user management portal (My Staff)
|
|
|
|
|
|
External Identities See pricing
|
|
|
|
|
|
|
|
|
|
|
Azure Active Directory FreeOriginally starting from Free now starting from Free Free Free
|
Office 365Originally starting from Free now starting from Free Free Free
|
Azure Active Directory Premium P1Originally starting from $6.00 now starting from $6.00 $6.00 $6.00 user/month
|
Azure Active Directory Premium P2Originally starting from $9.00 now starting from $9.00 $9.00 $9.00 user/month
|
Get Azure AD Premium
Contact your Microsoft representative.
FAQ
-
You’ll need an Azure or Office 365 subscription. You can use an existing subscription or set up a new one and then sign into the Microsoft 365 portal with your credentials to buy Azure AD licenses. Learn more.
-
To manage your Azure Active Directory Premium P1 or Premium P2, or Enterprise Mobility + Security licenses, sign in with your credentials or learn more.
-
Enterprise Mobility + Security E3 licenses include Azure Active Directory Premium P1. Enterprise Mobility + Security E5 licenses include Azure Active Directory Premium P2.
Support and service-level agreement
Technical support for Azure Active Directory is available through Azure Support.
Billing and account management support is provided at no additional cost. Learn more.
Service-level agreement (SLA): Azure Active Directory Premium editions guarantee a 99.99% effective April 1, 2021, monthly availability. Free services, such as Azure Active Directory Free, don’t have an SLA. For more details, visit the Azure SLA page.
- [1] The free edition of Azure AD is included with a subscription of a commercial online service such as Azure, Dynamics 365, Intune, Power Platform, and others in countries where they are available for sale.
- [2] Additional Azure AD features are included with Office 365 E1, E3, E5, F1, and F3 subscriptions in countries where they are available for sale.
- [3] With the free edition of Azure AD end users who have been assigned access to software as a service (SaaS) apps can get single sign-on access to unlimited number of cloud apps. On-premises apps require Azure AD Application Proxy or secure hybrid partnerships integrations available with Azure AD Premium P1 and Premium P2.
- [4] Authentication methods and configuration capabilities may vary by subscription. Learn more.
- [5] FIDO2 security key partners.
- [6] Terms and conditions for service-level agreements.
- [7] To access the cloud app discovery features go to the cloud app security portal and log in with your Azure AD Premium P1 credentials. Azure AD Premium P2 customers won’t need to enter credentials and will be automatically redirected.
- [8] Secure hybrid access partnerships; Conditional access API requires Premium P1; Risky User API requires Premium P2 for Secure Hybrid Access.
- [9] First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring Azure AD Federation Services, Azure AD Connect, and Azure AD Domain Services are considered separate agents.
- [10] Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, Microsoft Identity Manager can be installed and used on that server. No separate license is required for Microsoft Identity Manager Server.
- [11] Azure Active Directory Domain Services pricing.
Follow Microsoft