{"id":44286,"date":"2023-01-09T11:01:00","date_gmt":"2023-01-09T16:01:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=44286"},"modified":"2024-08-15T17:50:41","modified_gmt":"2024-08-15T21:50:41","slug":"understanding-aad-pricing-free","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free","title":{"rendered":"Entra ID\u00ae Free"},"content":{"rendered":"\n<p><em>Editor\u2019s Note: Given the fast-paced nature of technology, it is possible that some of the information presented in this article is out of date, or incomplete, in some fashion. The author periodically reviews and revises this article to ensure information contained within is as accurate as possible.<\/em><\/p>\n\n\n<hr>\n\n\n\n<p>This article analyzes the features and benefits offered by Microsoft\u2019s Entra ID \u201cFree\u201d edition, as well as the potential drawbacks and challenges of adopting Microsoft\u2019s cloud platform. You\u2019ll also learn more about the impact of these constraints on your overall security posture.<\/p>\n\n\n\n<p>Microsoft provides services to secure devices, extend <a href=\"https:\/\/jumpcloud.com\/platform\/single-sign-on\" target=\"_blank\" rel=\"noreferrer noopener\">single sign-on<\/a> (SSO) access to network appliances, and manage entitlements. There are many interwoven, segmented services in the Microsoft 365 and Defender product portfolios. It\u2019s important to understand what each Entra ID SKU provides, and what\u2019s gated off. Making an informed decision about your requirements will determine the value of \u201cfree.\u201d Consider that the ultimate goal for Microsoft is to tie customers to a vertically integrated suite of tools, which can limit flexibility while raising costs and management overhead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading1\">What Is Entra ID?<\/h2>\n\n\n\n<p>Entra ID is a cloud directory service that extends Active Directory (AD) identities to Microsoft<sup>\u00ae<\/sup> Azure, Microsoft web applications (like Microsoft 365\u2122), and external SSO apps. It\u2019s also a cloud directory for organizations that don\u2019t use AD but would like to use Microsoft Office.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"268\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Entra-ID-licensing.png\" alt=\"Entra ID tiers\" class=\"wp-image-103181\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Entra-ID-licensing.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Entra-ID-licensing-300x157.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><figcaption class=\"wp-element-caption\"><em><em>\u201cFree\u201d quickly escalates to incrementally higher costs per user. Image credit: Microsoft<\/em><\/em><\/figcaption><\/figure>\n\n\n\n<p>Entra ID Free is a cloud directory for Office 365 with limited features and no device management beyond what Active Directory (AD) delivers for Windows endpoints. It notably lacks modern entitlement management. Entra integrates AD users through Azure AD Connect and cloud sync, but the deployment options are limited. Organizations that require managed domain services and don\u2019t have an on-premises Active Directory Domain Service (AD DS) environment must subscribe to Azure Active Directory Domain Services (Azure AD DS). Note that Entra ID isn\u2019t a cloud replacement for on-prem Active Directory. It won\u2019t manage your systems, especially non-Windows OSs.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><p><strong>Note:<\/strong> Premium licenses are a prerequisite to federate with identity providers (IdPs) like Google.<\/p><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading2\">Benefits of Entra ID Free<\/h2>\n\n\n\n<p>There are several benefits for Microsoft users with simple configurations and few users. Entra ID Free has the following features:<\/p>\n\n\n\n<ul>\n<li>The ability to sync Active Directory via Entra ID Connect<\/li>\n\n\n\n<li>Basic RBAC user and group management<\/li>\n\n\n\n<li>Multi-factor authentication (MFA) with passwordless options for Windows only&nbsp;<\/li>\n\n\n\n<li>Sync with up to 500,000 directory objects<\/li>\n\n\n\n<li>SSO for external SaaS applications using Microsoft identities<\/li>\n\n\n\n<li>Self-service password change for cloud users only (this does not include password resets that write back to on-prem AD)<\/li>\n\n\n\n<li>The ability to Sync with Entra ID Connect (which is a Microsoft utility designed to bridge the gap between on-prem AD and Entra ID)<\/li>\n\n\n\n<li>View basic reporting on their substrate identity management solution with Security Information and Events Management (SIEM) connectivity.<\/li>\n\n\n\n<li>Use basic security and usage reports<\/li>\n\n\n\n<li>Use automated user provisioning to Microsoft and other SaaS apps<\/li>\n\n\n\n<li>Pay for advanced features to meet future requirements<\/li>\n<\/ul>\n\n\n\n<p>Entra ID Free offers basic SSO functionality that\u2019s essential for organizations using AD to access Microsoft&#8217;s portfolio of cloud services. It\u2019s also essential (and prerequisite) for cloud-first organizations to access the M365 suite, but it lacks interoperability with other IdPs. For example, Entra ID Free doesn\u2019t allow AD users to access Google Workspace. That may be acceptable for Microsoft-only infrastructures, but leaves little room to ever change direction.<\/p>\n\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/04\/Promos_GooglePartnership_290x175-SiteDisplay_GooglePartnershipPage-aspect-ratio-160-110.png\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n                    <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Securely connect to any resource using Google Workspace and JumpCloud.        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/leverage-jumpcloud-and-google-together\" data-promo=\"JumpCloud and Google Workspace\" class=\"button is-primary-green promo-small-banner-link\">Learn More<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Microsoft considers AD to be a legacy technology that must be <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-modernization-is-mandatory\">modernized<\/a> and protected, but Entra ID Free lacks the capabilities Microsoft has included in its new <a href=\"https:\/\/learn.microsoft.com\/en-us\/security\/privileged-access-workstations\/privileged-access-access-model\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">enterprise access model<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading3\">Drawbacks of Entra ID Free<\/h2>\n\n\n\n<p>Significantly, Entra ID omits features <a href=\"https:\/\/jumpcloud.com\/blog\/2022-fal-con-event-recap\">deemed necessary<\/a> by security experts for cloud-based identity management. Entra ID Free remains remarkably similar to when it was introduced for limited SSO in 2014. However, the silos between endpoints, data protection, and user identity are dissolving in response to the evolving tactics of sophisticated threat actors. That results in a stagnant security posture that is no longer sufficient to address today\u2019s security concerns as attackers have adapted to move laterally more rapidly than ever. The free edition of Entra ID maintains undesirable boundaries between IT and security operations to mitigate these threats.<\/p>\n\n\n\n<p>Microsoft cordons off Entra ID features that protect identities everywhere they exist in addition to the associated security and compliance controls. It\u2019s impossible to <a href=\"https:\/\/jumpcloud.com\/blog\/azure-ad-best-practices\">follow Microsoft\u2019s best practices<\/a> for Entra ID without subscribing to either Premium 1 (P1) or Premium (P2) as well as Intune to manage your devices. P1 and P2 are necessary for SSO into on-premise Windows applications. There\u2019s also an extra cost to use identities external to the Microsoft ecosystem. Several identity governance features were removed from P2 and gated off into a separate SKU that\u2019s an add-on to Entra ID\u2019s Premium plans. There\u2019s always an upsell to get specific features.<\/p>\n\n\n\n<p>Many IT shops adopt Microsoft because products \u201cwork well together.\u201d Unfortunately, you must pay to fully integrate Entra ID with AD and Windows Server roles such as <a href=\"https:\/\/jumpcloud.com\/blog\/radius-in-the-cloud\">NPS for network authentication<\/a> behind the firewall. Even <a href=\"https:\/\/jumpcloud.com\/blog\/intune-pricing\">Intune is a separate product<\/a> that has its own console and interface. Navigating your options can be a complicated undertaking that\u2019s even given rise to websites dedicated to <a href=\"https:\/\/m365maps.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">demystifying its licensing<\/a>. Further, implementing Entra ID\u2019s enterprise features (and even AD integration) could compel you to hire specialized consultants.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"287\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Microsoft.png\" alt=\"Microsoft 365\" class=\"wp-image-103180\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Microsoft.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Microsoft-300x168.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><figcaption class=\"wp-element-caption\"><em>Fully managing identities and devices can be even more expensive and bundle many heavy-duty apps and features you don\u2019t want or need. Image credit: Microsoft<\/em><\/figcaption><\/figure>\n\n\n\n<p>The next section explores how gated licensing impacts your ability to reach your operational and security objectives and manage identities throughout your entire infrastructure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Gated Licensing<\/h3>\n\n\n\n<p>Organizations must assess what\u2019s feasible to spend per user and balance that reality against productivity gains and security obligations. It can be difficult (and often confusing) to forecast your needs when licensing is complex and required features are gated off into higher licensing tiers. Buying more than your need to obtain a few required features is a Faustian bargain that can significantly impact IT departments and budgets, especially when more services are added. Entra ID, Intune, and Microsoft\u2019s Defender security stack can satisfy complex, exhaustive identity and access management (IAM) use cases and security requirements if the reference architecture is followed. That, however, also makes it nearly impossible to switch to other vendors. Entra ID \u201cfree\u201d is the starting point.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">SSO and Provisioning Limitations<\/h4>\n\n\n\n<p>Here are a few examples to consider about how licensing factors in. First, let\u2019s examine authentication and access control for your applications, both on-premise and SaaS:<\/p>\n\n\n\n<ul>\n<li>It\u2019s not possible to have SSO for domain-bound applications without P1, P2. The same holds true for accessing resources behind the firewall via integrated Windows authentication.<\/li>\n\n\n\n<li>Group assignments to applications will require P1 or P2.<\/li>\n\n\n\n<li>Attribute-based access control (ABAC) and dynamic groups that automate and safeguard entitlements management are unavailable. There\u2019s no continuous access evaluation.<\/li>\n\n\n\n<li>You cannot utilize external IdPs without paying more.<\/li>\n\n\n\n<li>Security configurations are limited to the security defaults with Entra ID Free with per user settings versus group management. Per Microsoft, \u201cAuthentication methods and configuration capabilities may vary by subscription.\u201d<\/li>\n\n\n\n<li>Conditional access for <a href=\"https:\/\/jumpcloud.com\/solutions\/zero-trust\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust security<\/a> is limited to P1, P2. This capability is also deemed essential by Microsoft for privileged access management in AD. You\u2019ll have to upgrade <em>immediately<\/em> just to have the baseline level of security that Microsoft advises.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"223\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Microsoft-architecture.png\" alt=\"Microsoft Architecture\" class=\"wp-image-103182\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Microsoft-architecture.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/Microsoft-architecture-300x131.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p><em>Image credit: Microsoft<\/em><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">User Provisioning&nbsp;<\/h4>\n\n\n\n<ul>\n<li>HR-driven provisioning is unavailable outside of P1, P2<\/li>\n\n\n\n<li>Self-service password changes with on-premise write-back requires P1, P2<\/li>\n\n\n\n<li>Advanced group management driven by policies and rules requires P1, P2<\/li>\n\n\n\n<li>Advanced security and usage reports for compliance reporting requires P1, P2<\/li>\n\n\n\n<li>Cross-tenant user synchronization is unavailable<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">No Device Management<\/h4>\n\n\n\n<p>Identity is the new perimeter, and it\u2019s not possible to protect identities without also <a href=\"https:\/\/jumpcloud.com\/blog\/comparing-jumpcloud-azure-ad-intune\">managing devices<\/a> through <a href=\"https:\/\/jumpcloud.com\/blog\/mdm-mobile-device-management\">mobile device management<\/a> (MDM) or <a href=\"https:\/\/jumpcloud.com\/blog\/what-are-group-policy-objects#:~:text=GPOs%20Reimagined,access%2C%20and%20a%20lot%20more.\">GPO-like policies<\/a>. The device is a substrate for the user, their activities, and your organization\u2019s data. CrowdStrike <a href=\"https:\/\/jumpcloud.com\/blog\/2022-fal-con-event-recap\">found<\/a> that 25% of attacks occur on devices without any endpoint protection and 71% of attacks are malware free once the adversary is in the environment. These types of attacks lack traditional indicators of compromise and are easier to hide among standard IT traffic. Endpoint Detection and Response (EDR) security cannot safeguard against inadequate IAM security practices.<\/p>\n\n\n\n<p>Now, consider that Entra ID Free won\u2019t manage devices. It becomes necessary to enroll in Intune, which accrues significant price increases per user. There are even multiple Intune SKUs and add-ons. It\u2019s easy for admins to suddenly find themselves heavily oriented toward Microsoft.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Identity Silos<\/h3>\n\n\n\n<p>Overall, Entra ID Free can be a useful tool for admins looking to introduce their organization to cloud-based infrastructure. However, it ultimately requires a number of additional authentication solutions to serve as a core IdP. For instance, Entra ID doesn\u2019t natively authenticate users to their Wi-Fi networks or hardware via <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-the-radius-protocol\">RADIUS<\/a> or <a href=\"https:\/\/jumpcloud.com\/blog\/how-to-connect-your-application-to-ldap\">LDAP<\/a>. That holds true for P1, P2.&nbsp;<\/p>\n\n\n\n<p>Organizations either have to maintain a parallel system for authentication or invest in additional server infrastructure and configurations \u2014 a sequence of activities that isn&#8217;t free. Siloed identities complicate identity practices, increase technical overhead, and enlarge the attack surface area. Monoculture also increases the risk of lateral movement during an attack.<\/p>\n\n\n\n<p>As previously noted, Entra costs more when it\u2019s used to govern and manage external IDs through Entra ID. There are additional charges applied for MFA from external IDs. Costs will rise organically as your organization grows and the velocity of authentications increases.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Complexity<\/h3>\n\n\n\n<p>\u201cFree\u201d is a relative term. Entra ID Free helps organizations with a small number of users and devices to manage Microsoft applications and SaaS services, but security is inherently lacking when those resources are being accessed using untrusted devices. Gaps in services and dependencies on the Windows platform may increase your workload and make implementation much more difficult. Then, you\u2019ll have to manage Entra ID or Entra ID + AD in perpetuity.<\/p>\n\n\n\n<p>Working toward Zero Trust security and compliance with ever expanding regulations obligates someone in your organization, or a trusted advisor, to become an expert in Microsoft licensing. Licensing and product bundles change and are rebranded with some regularity. Your team will also have to make many determinations to live within your budget. It\u2019s not strictly about subscriptions \u2014 you\u2019ll also have to account for implementation costs and <a href=\"https:\/\/jumpcloud.com\/blog\/how-to-use-jumpclouds-tco-calculator\">TCO<\/a>.<\/p>\n\n\n\n<p>The variety of cloud services from Microsoft and challenges of migrating from Active Directory to the cloud have given rise to a <a href=\"https:\/\/azure.microsoft.com\/en-us\/partners\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">cottage industry<\/a> of consultants. This is due to the breadth of enterprise configurations and resulting complexity that many enterprises encounter. The complexity is ongoing: Azure uses role-based access control (RBAC) for security. RBAC can be labor-intensive and requires ongoing maintenance for a least privilege access model. An additional SKU is generally necessary to add automations to lifecycle workflows. Adding Intune into the mix means mastering <a href=\"https:\/\/jumpcloud.com\/blog\/intune-replace-sccm\">ConfigMgr<\/a>, due to <a href=\"https:\/\/www.reddit.com\/r\/Intune\/comments\/ype3tz\/which_challenges_are_you_facing_with_intune\/\" target=\"_blank\" rel=\"noreferrer noopener\">limitations<\/a> in the Intune web console.<\/p>\n\n\n\n<p>IT teams must also set up <a href=\"https:\/\/jumpcloud.com\/blog\/azure-ad-best-practices\">best practices<\/a> for Entra ID, some of which are critical due to the potential for phishing to be used to compromise identities. Plan on spending extra time to focus on those critical Entra ID settings, in spite of your subscription level. For example, Entra ID\u2019s default settings permit all users to access the Entra ID admin portal and register custom SSO applets (My Apps). Attackers are actively exploiting this workflow in phishing exploits, which can <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-phishing-bypassed-mfa-in-attacks-against-10-000-orgs\/\" target=\"_blank\" rel=\"noreferrer noopener\">bypass MFA<\/a> in some circumstances. Entra ID Free is unsuitable for quality security.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"328\" height=\"252\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/role-permissions.png\" alt=\"Default user role permissions\" class=\"wp-image-103183\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/role-permissions.png 328w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/role-permissions-300x230.png 300w\" sizes=\"(max-width: 328px) 100vw, 328px\" \/><figcaption class=\"wp-element-caption\"><em><em>Users can register SSO applications by default, which raises the risk for credential theft.<\/em><\/em><\/figcaption><\/figure>\n\n\n\n<p>This complexity exists due to the amount of scenarios Microsoft supports, down to the granular requirements of large enterprises. It has also woven trials and upsells into admin settings workflows such as self-service password reset (SSPR). This blurs the lines between what\u2019s possible to configure and what\u2019s not within your reach. For example, a \u201cFree\u201d tier admin sees the option to configure SSPR, but will be prompted to assign a premium tier license to users if there\u2019s a desire to have the password write-back to AD. SSPR only works for cloud users.<\/p>\n\n\n\n<p>A small or medium-sized enterprise (SME) should consider whether it\u2019s ready for and can afford this platform.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Azure and Vendor Lock-In<\/h2>\n\n\n\n<p>IT teams that are centered around AD expand Microsoft\u2019s presence in their infrastructure by adopting Entra ID. Any SME that adopts Entra ID and other Azure products becomes more deeply embedded in Microsoft \u201cmonoculture\u201d over time as custom configurations and more integrations occur. This is fine for some organizations that have deeper expertise in Microsoft platforms. They accept the vendor risk of standardizing all essential IT infrastructure and operations with a sole partner.<\/p>\n\n\n\n<p>Sometimes, a combination of Entra ID and third-party services, such as JumpCloud, is more optimal. This next section outlines how JumpCloud integrates with and extends Microsoft systems through its open directory platform.<\/p>\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/men-collaborating-with-laptop-aspect-ratio-160-110.jpg\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n            Pricing Options for Every Organization        <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Packages and A La Carte Pricing        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/pricing\" data-promo=\"Explore Pricing\" class=\"button is-primary-green promo-small-banner-link\">Explore JumpCloud Pricing<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading4\">An Open Directory Platform<\/h2>\n\n\n\n<p>JumpCloud\u2019s open directory platform provides <em>value<\/em> lock-in and enables you to choose any best-of-breed solution you want. For instance, your organization might prefer Google Workspace over M365 or choose identity and endpoint protection from CrowdStrike instead of Defender. You can connect users to any resource, from any location, from trusted devices, with the appropriate permissions, while abiding by Zero Trust principles. The platform provides SSO and device management, as well as compliance and reporting, to access and secure resources.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"140\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/JumpCloud.png\" alt=\"JumpCloud Platform\" class=\"wp-image-103184\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/JumpCloud.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/JumpCloud-300x82.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>JumpCloud can <a href=\"https:\/\/jumpcloud.com\/blog\/integrate-ad-jumpcloud\">modernize AD<\/a> and even offers password write-back to it from the cloud.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">SSO to Everything<\/h3>\n\n\n\n<p>The open directory accepts third-party identities from <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/g-suite-user-import-provisioning-and-sync1\" target=\"_blank\" rel=\"noreferrer noopener\">Google<\/a>, <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/using-jumpclouds-ldap-as-a-service1\" target=\"_blank\" rel=\"noreferrer noopener\">LDAP<\/a>, Microsoft <a href=\"https:\/\/jumpcloud.com\/resources\/ad-integration\" target=\"_blank\" rel=\"noreferrer noopener\">AD<\/a> and <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/office-365-user-import-provisioning-and-sync1\" target=\"_blank\" rel=\"noreferrer noopener\">Entra ID<\/a>, <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/ConfiguringOktaDelegatedAuthority\" target=\"_blank\" rel=\"noreferrer noopener\">Okta<\/a>, and a wide variety of authentication protocols. Every authentication method is <a href=\"https:\/\/jumpcloud.com\/platform\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">protected by MFA<\/a> through either Push MFA with the JumpCloud Protect\u2122 app or TOTP options. A <a href=\"https:\/\/jumpcloud.com\/support\/get-started-jumpcloud-go\" target=\"_blank\" rel=\"noreferrer noopener\">phishing-resistant credential<\/a> is also available to secure the user console. <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/Getting-Started-Conditional-Access-Policies\" target=\"_blank\" rel=\"noreferrer noopener\">Conditional access policies<\/a> are optional, and JumpCloud offers a <a href=\"https:\/\/jumpcloud.com\/platform\/password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">decentralized password manager and vault<\/a> to protect user credentials for situations when SSO is not an option.<\/p>\n\n\n\n<p>The supported protocols include:<\/p>\n\n\n\n<ul>\n<li>Cloud LDAP<\/li>\n\n\n\n<li>OIDC<\/li>\n\n\n\n<li>RADIUS with <a href=\"https:\/\/jumpcloud.com\/blog\/dynamic-vlan-assignment-2\">dynamic VLAN assignment<\/a>&nbsp;<\/li>\n\n\n\n<li>SAML with <a href=\"https:\/\/jumpcloud.com\/blog\/scim-provisioning-defined\">SCIM provisioning<\/a><\/li>\n\n\n\n<li>A RESTful API<\/li>\n<\/ul>\n\n\n\n<p>Users are provisioned through either importing accounts or attributes (and even Entra ID group assignments) from another directory or integrations with popular <a href=\"https:\/\/jumpcloud.com\/blog\/how-jumpclouds-hris-integration-works\">HRIS systems<\/a>. There\u2019s no \u201ctax\u201d placed on having basic interoperability or using external identities. SSPR is also available without raising your license requirements. Access to applications is managed through groups with automated entitlement controls by using <a href=\"https:\/\/jumpcloud.com\/blog\/the-immediate-advantages-of-attribute-based-access-control\">attribute-based access control<\/a>. ABAC reduces management overhead and the possibility of introducing errors such as wasting licenses on inactive users. It\u2019s Zero Trust by virtue of continuously verifying user attributes, which serves as a security control to avoid insider threats or forgotten user accounts.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"512\" height=\"505\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/account.png\" alt=\"JumpCloud user accounts\" class=\"wp-image-103186\" style=\"width:511px;height:auto\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/account.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/account-300x296.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>JumpCloud uses dynamic groups to automatically organize users and devices using basic attributes. The <a href=\"https:\/\/jumpcloud.com\/blog\/q4-2023-product-roadmap-webinar#:~:text=In%20Q4%20(and%20beyond)%2C,mobile%20device%20management%20(MDM)\">next phase<\/a> will include operators to create compound queries, which will increase admin efficiency even further and streamline device and identity lifecycle management.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"448\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/membership-controls.png\" alt=\"membership controls\" class=\"wp-image-103185\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/membership-controls.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/membership-controls-300x263.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Device Management&nbsp;<\/h3>\n\n\n\n<p>Device management is included at no added cost for Android, Apple products, Linux, and Windows. It includes MDM, pre-built policies (such as full disk encryption), and a commands queue. Windows admins can even utilize <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/the-jumpcloud-powershell-module\" target=\"_blank\" rel=\"noreferrer noopener\">PowerShell scripts<\/a> for batch jobs. Zero-touch deployments are available for Macs and iPads\/iPhones with Windows Out of Box Experience (OOBE) as another option to stage devices and onboard users. <a href=\"https:\/\/jumpcloud.com\/blog\/jumpcloud-introduces-remote-assist\">Remote Access<\/a> is built into the platform, for several operating systems, providing further cost-savings and value. There are options for remote assistance as well as a remote, interactive command line so that troubleshooting can occur in the background without interrupting your users.<\/p>\n\n\n\n<p>Provisioning devices is streamlined. Users will soon be able to \u201cSign In With JumpCloud\u201d to auto provision and associate their JumpCloud account to their device with default account permissions. The JumpCloud agent will sync their JumpCloud password back to their device.<\/p>\n\n\n\n<p>There\u2019s also the option for <a href=\"https:\/\/jumpcloud.com\/blog\/jumpcloud-patch-management\">cross-OS patch management<\/a>, including browser version control.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"248\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/policy-management.png\" alt=\"Policy management\" class=\"wp-image-103187\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/policy-management.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/policy-management-300x145.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Reporting and Data Services<\/h3>\n\n\n\n<p>All JumpCloud tenants include <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/JumpCloud-Directory-Insights\" target=\"_blank\" rel=\"noreferrer noopener\">Directory Insights<\/a> and <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/JumpCloud-System-Insights\" target=\"_blank\" rel=\"noreferrer noopener\">System Insights<\/a> to provide telemetry that follows identities everywhere they exist and all pertinent user activities. JumpCloud also provides multiple pre-built reports for compliance purposes and management.<\/p>\n\n\n\n<p>Available reports include:<\/p>\n\n\n\n<ul>\n<li><strong>Users to Devices:<\/strong> Returns all user attributes and device associations for each user.<\/li>\n\n\n\n<li><strong>Users to RADIUS Server:<\/strong> Returns all user attributes and associations to RADIUS Servers for each user.<\/li>\n\n\n\n<li><strong>Users to LDAP:<\/strong> Returns all user attributes and associations to LDAP resources for each user.<\/li>\n\n\n\n<li><strong>Users to Directories:<\/strong> Returns all user attributes and associations to directories for each user.<\/li>\n\n\n\n<li><strong>User to SSO Applications:<\/strong> Returns all user attributes and SSO application associations for each user.<\/li>\n<\/ul>\n\n\n\n<p><strong>OS Patch Management Policy:<\/strong> Provides a clear view of each of their device&#8217;s status relative to the OS policies that they have deployed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Get Started with JumpCloud<\/h2>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Don\u2019t just think about where you are today, consider where you\u2019re headed. Compare <a href=\"https:\/\/jumpcloud.com\/blog\/comparing-jumpcloud-azure-ad-intune\">JumpCloud with Entra ID (Azure AD) and Intune<\/a> in more detail.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>Entra ID Free is a prerequisite to access Microsoft cloud apps, extends AD to the web, and can provide an economic choice for SSO into cloud resources. However, it leaves gaps in manageability and security that defers costs, which could become substantial, at a later date. Subscriptions align with features, not use cases, and will make upgrading necessary.<\/p>\n\n\n\n<p>JumpCloud\u2019s device management isn\u2019t an additional cost, but some features are optional. Simply <a href=\"https:\/\/console.jumpcloud.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">sign up for a trial<\/a> today to get started from a single admin console. Pricing is based on workflows that will help you to get things done, not gated features or upsells.<\/p>\n\n\n\n<p><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.<\/p>\n","protected":false},"author":150,"featured_media":73629,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[2444,2441,2398,2809,2467,2374],"collection":[2779],"platform":[],"funnel_stage":[3015],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding Entra ID\u2019s Free Tier - JumpCloud<\/title>\n<meta name=\"description\" content=\"Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Entra ID\u00ae Free\" \/>\n<meta property=\"og:description\" content=\"Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-09T16:01:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-15T21:50:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"333\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"Entra ID\u00ae Free\",\"datePublished\":\"2023-01-09T16:01:00+00:00\",\"dateModified\":\"2024-08-15T21:50:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\"},\"wordCount\":2962,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg\",\"keywords\":[\"compliance\",\"conditional access\",\"IAM\",\"intune\",\"mdm\",\"zero trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\",\"url\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\",\"name\":\"Understanding Entra ID\u2019s Free Tier - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg\",\"datePublished\":\"2023-01-09T16:01:00+00:00\",\"dateModified\":\"2024-08-15T21:50:41+00:00\",\"description\":\"Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg\",\"width\":512,\"height\":333},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Entra ID\u00ae Free\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understanding Entra ID\u2019s Free Tier - JumpCloud","description":"Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free","og_locale":"en_US","og_type":"article","og_title":"Entra ID\u00ae Free","og_description":"Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.","og_url":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free","og_site_name":"JumpCloud","article_published_time":"2023-01-09T16:01:00+00:00","article_modified_time":"2024-08-15T21:50:41+00:00","og_image":[{"width":512,"height":333,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg","type":"image\/jpeg"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"Entra ID\u00ae Free","datePublished":"2023-01-09T16:01:00+00:00","dateModified":"2024-08-15T21:50:41+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free"},"wordCount":2962,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg","keywords":["compliance","conditional access","IAM","intune","mdm","zero trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free","url":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free","name":"Understanding Entra ID\u2019s Free Tier - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg","datePublished":"2023-01-09T16:01:00+00:00","dateModified":"2024-08-15T21:50:41+00:00","description":"Entra ID Free is a gateway to use more Microsoft services. It doesn\u2019t control devices and limits entitlement management.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/9.jpeg","width":512,"height":333},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Entra ID\u00ae Free"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44286"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=44286"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44286\/revisions"}],"predecessor-version":[{"id":114262,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44286\/revisions\/114262"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/73629"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=44286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=44286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=44286"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=44286"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=44286"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=44286"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=44286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}