{"id":46363,"date":"2023-02-03T09:49:01","date_gmt":"2023-02-03T14:49:01","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=46363"},"modified":"2024-11-14T17:56:23","modified_gmt":"2024-11-14T22:56:23","slug":"understanding-aad-premium-p2","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/understanding-aad-premium-p2","title":{"rendered":"Understanding Entra ID’s Premium P2 Tier"},"content":{"rendered":"\n
To better understand the structure of Entra ID, we are exploring each tier of their service offerings in a four-part series. This is the final part of the series.

Each article covers the benefits and drawbacks that come with each of Entra ID’s pricing tiers. If interested, feel free to read our previous blogs on Entra ID Free and Entra ID Premium P1.

Entra ID is a cloud-based user management platform often introduced to organizations via the purchase of a Microsoft 365™ license or Azure subscription. IT teams start their organizations with Entra ID Free or Microsoft 365 apps (since those are included with a subscription to either service), but that SKU has limited functionality. It’s not uncommon for organizations to upgrade their Entra ID instances to P2 licenses just to get “that one thing” they need, or to be able to deploy other Microsoft services that require the Premium SKUs. There’s also guidance for organizations that use Active Directory (AD) to pay for P2 for better security.

The highest level of Entra’s paid licenses, Entra ID Premium 2, delivers most of its value when it’s used with Active Directory. Its premium features are most appropriate for organizations that are either heavily regulated or have extensive in-house application and data center resources that need to be monitored and secured. It has many features for compliance and security that are only suitable for large enterprises that have the capacity to deploy and support their usage. A word of caution for any IT admin that becomes heavily involved with Microsoft services: some governance features were recently moved out of P2 and into a supplemental governance SKU. Microsoft often exercises its control after organizations have consolidated onto its platforms.

Note: Microsoft Learn stresses the importance of features including Identity Protection for AD, access packages, and Privileged Identity Management (PIM). The majority of this functionality has been moved to the Governance SKU, increasing subscription costs.

Entra ID lacks device management features, even P2. There are additional costs for managing external identities, and management overhead increases when single sign-on (SSO) is necessary to secure access to your network devices. Microsoft’s offerings appear to be integrated, but in reality are a patchwork of services and consoles that admins must make work together.

As such, we will evaluate Entra ID Premium P2’s native capabilities as a standalone product, and how organizations can best utilize its services to enhance their productivity and security.

Entra ID Premium P2

Entra ID Premium P2 is most commonly used for providing insight into user activity within Azure infrastructure, Microsoft 365, and web applications. Entra ID Premium P2’s feature set offers admins the opportunity to thoroughly manage their users and access control. Lower tiers of Entra have limitations such as no session and user risk factors, or Identity Protection for AD.

Benefits of Entra ID Premium P2

Entra ID Premium 2 offers the following features:

The biggest difference between Entra Premium P1 and P2 is that when admins purchase Entra ID Premium P2, they attain the ability to deeply observe their users and detect possible threats by automating the detection and remediation of identity-based risks, investigating risks using data in the portal, and exporting risk detection data to third-party utilities for further analysis.

These sound like features that are nice to have, but they’re mandatory if you’re using AD. Microsoft’s reference architecture and public statements indicate that AD is considered a legacy technology that must be secured and protected. However, even P2 isn’t enough to accomplish that objective: Defender for Identity is also prescribed (and a separate subscription).

Entra ID Premium 2 provides admins with much more data than its previous iterations, effectively alerting organizations in a way that helps them attain compliance and troubleshoot issues that may exist with Entra or Azure. However, it doesn’t include everything.

Drawbacks of Entra ID Premium P2

As mentioned above, Entra P2 integrates with AD and offers Identity Protection, but doesn’t include services that are required to prevent lateral movement by attackers. Even in relation to the P1 tier, workarounds are required to utilize core network protocols to secure and manage access to network devices. Devices serve as the gateway to access resources for work, and leaving devices unmanaged fails to achieve the Zero Trust security posture that Microsoft recommends. Entra P2 is the highest tier of the product line, but it won’t manage devices without an Intune® subscription from Microsoft or a different M365 SKU that includes it.

Many admins just want to use MS Office, tighten up their security posture, and be business enablers by providing users with the solutions that they need. Organizations that adopt Microsoft become focused on rolling out its products instead of assisting business performance.

Implementation

Microsoft licensing can be complex, and implementing best practices for Entra takes a lot of work. License management and pricing can be complex and unpredictable without understanding how everything interconnects and what features are included in each plan. Some features are gated off and require more services to run, including reporting for conditional access policies.

Many organizations may have to hire consultants to guide them through the migration. These challenges have given rise to a cottage industry of consultants. Otherwise, deploying all of these features leads to reskilling and new hires at market rates. This is due to the breadth of configurations and resulting complexity that Microsoft’s enterprise features involve. Entra P2 includes more sophisticated features that are more likely to require dedicated internal teams with support from specialized external resources. Otherwise, implementations will be incomplete, or small and medium-sized enterprises (SMEs) will pay for services that won’t be used.

There are also licensing stipulations to deploy the features that are listed in P2. For example, Entra Connect Health reporting includes fine print: “First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring Entra ID Federation Services, Entra ID Connect, and Entra ID Domain Services are considered separate agents.”

Fit and Value for SMEs

It’s unlikely that SMEs will have the ability to support a full Entra P2 implementation, or have the requirements for advanced compliance reporting or a security operations center to support it. Unfortunately, some useful IT management capabilities are also walled off into the P2 tier. SMEs that have P2 recommended to them should evaluate whether they’ll receive enough payback.

The Bad Economics of Lock-In

Entra P2 is usually packaged with a vast vertically integrated suite of tools and applications that will dominate your enterprise. There are stipulations where additional licenses are required. For example, using reporting mode in Entra ID requires that you pay for Azure Monitor to set up a Log Analytics Workspace. The reporting feature is seemingly included in P1 and P2, but really isn’t.

Many organizations are looking for options outside of Microsoft to deal with the diversity of mixed device types, mixed working arrangements, and accelerated cloud adoption. Adopting P2 is a decision that may not have an immediate impact on those objectives, but it eventually will, because P2 is usually bundled with many unrelated apps and services that take over your stack. Organizations will lose the flexibility to use best-of-breed services that users may prefer. McKinsey advises closer involvement between IT and the business sides of companies. Microsoft’s bundling increases its customer lifetime value rather than making SMEs more responsive and competitive. Time spent implementing the product impedes business/IT alignment.

Missing Identity and Access Control Functionality

SSO to Everything

Entra P2 is designed to work in conjunction with a directory service and lacks features most organizations find necessary to achieve SSO to everything. For example, no matter the subscription tier, Entra lacks the ability to manage user access to networks via RADIUS or LDAP unless you pay Microsoft more money and use more of its services.

Note: Windows Hello doesn’t extend beyond Windows, limiting modern authentication.

Unfortunately, this ingrains many admins into Microsoft’s hybrid infrastructure, which is less than ideal for cloud-forward organizations looking to leave behind the time and cost of running server rooms. Additionally, AD’s RADIUS authentication is performed via an on-prem NPS server, which requires additional infrastructure and increases the attack surface area. Remember, Microsoft has designated AD as a legacy technology that must be modernized and protected.

IT admins that are looking to move past legacy hardware will find that AD + Entra ID P2 isn’t the most ideal choice. Using P2 with AD still leaves gaps in security posture and access management.

It’s important to note that extensive manual implementation can leave the door open for human error and welcome cyberthreats such as opportunistic attacks on misconfigured networks.

Management overhead for on-premise resources and the requirement for additional Azure services raise Entra P2’s TCO.

External Identities

Microsoft Entra’s Governance SKU may be required to fully manage external identities. There are also a few ad hoc costs, such as a charge for authenticating external identities with its MFA. Features are geared toward advanced enterprise workflows and governance requirements.

Device Management

Many IT administrators choose to implement their Entra instances in conjunction with a directory service. They often use on-prem AD, which syncs with Entra via Entra ID Connect, allowing users to leverage their AD credentials for SSO to web applications and Azure infrastructure. However, this leaves a device management gap for organizations that are also invested in systems beyond Windows (such as Android, macOS®, and Linux®). Organizations that adopt Entra ID will need to buy additional solutions to manage those endpoints, such as Microsoft’s Intune subscription. Unmanaged endpoints defeat the purpose of having strong access control.

Open Directory Services

Admins looking to use Entra ID Premium P2 as their directory typically choose it for its cloud-based Identity and Access Management (IAM) and security infrastructure. However, it’s not the only option and may not be the best fit for your organization. A cloud-based directory service should be able to modernize AD, provide access to every resource, and manage cross-OS devices. That combination of features is necessary to achieve a Zero Trust posture that makes identity the new perimeter, with secure access to resources from all devices.

Organizations that are cloud-first, have external identities (such as Google Workspace), and use devices other than Windows may find more value in JumpCloud. JumpCloud is an open directory platform that unifies identity, access, and endpoint management, regardless of the underlying authentication method or device ecosystem. It also integrates with AD.

In contrast to standalone Entra, the JumpCloud platform provides SSO to everything and includes environment-wide MFA. It supports the following network protocols:

IAM is handled through groups using attribute-based access control, which helps to automate user lifecycle and entitlements management. Changes also flow seamlessly from other directories or human resource systems. Dynamic groups automatically organize users and devices using basic attributes. The next phase in JumpCloud’s product roadmap will include operators to create compound queries that will increase admin efficiency and streamline device and identity lifecycles.

Conditional access is optional in JumpCloud for organizations that require privileged access management (PAM), and several password-less authentication methods are supported. Those include JumpCloud Go, which provides a phishing-resistant credential for Macs and Windows. Linux support for Go is coming soon, and will be driven by customer demand.

Extend and Improve M365

JumpCloud’s M365 integration syncs Microsoft 365/Entra ID users into the directory. It can then serve as the source of truth and manage nearly all systems, applications, networks, file servers, Infrastructure-as-a-Service platforms, and more, regardless of their location (on-prem, at other cloud providers such as AWS®, etc.). This way, admins can still leverage Entra ID but avoid going down the path of spiraling costs and feature creep by not adopting the P2 SKU.

Additionally, JumpCloud is platform agnostic, so organizations can implement unified endpoint management (UEM) in conjunction with their Entra ID Premium P2 instance. JumpCloud will also federate with upstream IdPs. The directory integrates with Entra ID Free, so organizations can still manage their Azure/Microsoft 365 users with a directory service entirely from the cloud.

It’s possible to modernize AD with JumpCloud without Entra ID at no additional cost.

JumpCloud also offers additional IT management options that extend its utility:

Try JumpCloud

Interested in learning more? Check out our latest webinar on the modernization of Active Directory, or feel free to register for a personalized demo to see JumpCloud in action.