I'm trying to set up MFA access for an on-premises RDS gateway and according to the documentation, it states that I need a P1 or P2 license to add an on-prem application to Entra ID. The prerequisites mention that an application administrator account is necessary. My question is: would a P1 license cover that?
Additionally, who would be the best user to assign this license to? Do regular users require a P1 license in order to connect? I'm still in the planning stages, just trying to figure out how to get everything working so that users can remotely connect to their desktops from home with MFA as a security layer.
3 Answers
To keep things compliant, it's recommended that every user connecting to the app through the App Proxy has their own P1 license. If they're using the NPS extension on your server instead, ensure that those users maintain proper licensing as well.
You only need one active P1 license for your tenant, which allows you to use the App Proxy feature. However, it's likely that every user who connects through the App Proxy needs to have their own P1 license. While Microsoft may not actively enforce this, it's best to play it safe to avoid any potential violations of their terms.
While just having one P1 license technically gives you access to the features, it could lead to problems down the line. Microsoft tends to check on licensing, and I've seen reports where clients have been contacted to rectify their license situation. It's best to make sure all of your users are licensed under P1 or upgrade to Business Premium to cover everyone properly.
