Azure Active Directory Licensing

By Greg Keller Posted May 30, 2017

Azure Active Directory Licensing

Similar to Microsoft Active Directory®, Azure Active Directory licensing can be confusing and complicated. In this blog post, we’ll try to unravel what you need to think about when purchasing Azure Active Directory. In addition, we’ll give you a brief background on the solution itself, along with some Azure AD alternatives, in case it turns out not to be a good fit for your organization.

Microsoft introduced Active Directory in 1999. Since then, AD has gone on to become the most popular on-prem directory service. It has historically been a monopoly in the space, and for good reason. Most organizations in the early 2000s were all Microsoft shops. Their end users were on Microsoft laptops and desktops, their server room was largely Microsoft, and their applications were built on top of the Microsoft stack. Another key point was that everything was hosted on-prem. So it made a lot of sense to also have the domain controller located on-prem.

Azure AD Enters the Cloud Scene

More recently, as the world has moved to the cloud, Microsoft has been struggling to compete. Google has made significant inroads with G Suite, as has Amazon with AWS. Microsoft responded by creating Azure and Office 365 – their cloud-based platforms. To go along with their Azure and O365 solutions, they decided to have a cloud user management platform as well. As a result, they introduced Azure Active Directory. It should be noted, that their version of a cloud identity management platform is really aimed at organizations that exclusively leverage Azure. Their authentication services for machines is only for Azure. You still need your existing on-prem AD to manage your users and devices on-prem. So think of Azure AD as an adjunct solution to the legacy Active Directory.

the future of cloud IAM

In comparison, if you are looking for a true cloud-based directory service, check out Directory-as-a-Service®. It is a solution that is platform, protocol, provider, and location independent. This means that you can authenticate Windows, Mac, and Linux devices, and leverage Azure, AWS, or Google Compute Engine. You can seamlessly integrate with Office 365 or G Suite. In terms of authentication protocols, you can use LDAP, SAML, RADIUS, SSH, and more. It is realistically a replacement for both Active Directory and Azure Active Directory.

Options for Azure Active Directory Licensing

Now, that being said, if you are interested in Azure AD licensing you will need to think about a number of items. First, you need to think about what existing licensing you have. Are you under a Microsoft Enterprise Agreement, Open Volume agreement, or part of the Cloud Solutions Program? That may entitle you to some portions of the Azure AD service. You’ll then want to think about what version is right for you. You have four choices: Free, Basic, Premium P1, Premium P2. These also vary by region and data center, and the costs are different based on those parameters as well.

From there, you’ll need to dig in and figure out what functionality you need. That can include the number of objects you want to store, whether you will use SSO, multi-factor authentication, privileged identity management, and more. All of these different features are associated with different levels of the service.

As you can see, Azure Active Directory licensing can get complicated quickly. You’ll probably want to talk to a Microsoft representative to make sure that you get it right. While it is a platform-as-a-service solution, it isn’t really a self-serve type of product.

Saas-Based Alternatives to Azure AD

On the other hand, there are alternatives that are far simpler to license and procure. SaaS-based directory services are available on a per user pricing model. They can be procured online with a credit card rather than having to talk to sales people or technical specialists.

identity management market alternative

If you would like to learn more about Azure Active Directory licensing, drop us a note. Alternatively, if you would like to find a frictionless cloud identity management solution, take a look at Directory-as-a-Service. You can sign up for a free account to try it for yourself (your first 10 users are free forever).

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts