I'm a bit unsure about how Entra ID works with licensing in my scenario. My company has only M365 accounts and doesn't use any on-prem AD. I assume it's better to just implement Entra ID directly instead of going for on-prem AD. I want to set up a rule where only one user can be in the administrators group on each device that connects with a Microsoft account. Additionally, I want to ensure that admin credentials are required for installations or settings changes.
Is it achievable only with an Entra ID subscription? Do I need to license every user in the company, or just myself as the admin? Also, which licenses include the necessary features for Entra ID, like P1 or others? I have so many questions.
1 Answer
It sounds like you're already on the right track since having M365 accounts means you have access to Entra ID. The specific licensing you have might already cover P1 or P2, so you should check that. Remember, all users in the tenant need to be covered with a license to have full functionality. For managing admin rights on devices, you’ll definitely want Intune along with the P2 license if you plan to use Privileged Identity Management (PIM).
I just want to set up a clean Azure AD. I need to prevent users from downloading stuff they find online and changing settings on their PCs. What exactly do I need?
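One way to do the license check the answer suggests, as an added example that is not part of the original thread: it maps the tenant's SKUs to the three features named above and compares seat counts with the number of users. The function name, the SKU names in the sample data and the user count are assumptions made for illustration; `AAD_PREMIUM`, `AAD_PREMIUM_P2` and `INTUNE_A` are the service plan names Microsoft Graph reports for Entra ID P1, Entra ID P2 and Intune.

```powershell
# Added example: which features from the answer do the tenant's licenses cover?
$FeaturePlans = [ordered]@{
    'Entra ID P1'       = 'AAD_PREMIUM'
    'Entra ID P2 (PIM)' = 'AAD_PREMIUM_P2'
    'Intune'            = 'INTUNE_A'
}

function Get-FeatureCoverage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Skus,      # objects shaped like Get-MgSubscribedSku output
        [Parameter(Mandatory)] [int]      $UserCount  # users who must be covered
    )
    foreach ($feature in $FeaturePlans.Keys) {
        $plan = $FeaturePlans[$feature]
        # Keep only SKUs in which the plan is provisioned, not merely listed as disabled
        $matching = @($Skus | Where-Object {
            $_.ServicePlans | Where-Object {
                $_.ServicePlanName -eq $plan -and $_.ProvisioningStatus -eq 'Success'
            }
        })
        $seats = ($matching | ForEach-Object { $_.PrepaidUnits.Enabled } |
                  Measure-Object -Sum).Sum
        [pscustomobject]@{
            Feature        = $feature
            Skus           = ($matching.SkuPartNumber -join ', ')
            Seats          = [int]$seats
            CoversAllUsers = ([int]$seats -ge $UserCount)
        }
    }
}

# Constructed sample data (SKU names are placeholders, not real part numbers)
function New-Plan($name, $status) {
    [pscustomobject]@{ ServicePlanName = $name; ProvisioningStatus = $status }
}
$sampleSkus = @(
    [pscustomobject]@{
        SkuPartNumber = 'EXAMPLE_SKU_MAIL_ONLY'
        PrepaidUnits  = [pscustomobject]@{ Enabled = 25 }
        ServicePlans  = @(New-Plan 'EXCHANGE_S_STANDARD' 'Success')
    }
    [pscustomobject]@{
        SkuPartNumber = 'EXAMPLE_SKU_WITH_P1_INTUNE'
        PrepaidUnits  = [pscustomobject]@{ Enabled = 10 }
        ServicePlans  = @((New-Plan 'AAD_PREMIUM' 'Success'), (New-Plan 'INTUNE_A' 'Success'))
    }
)
Get-FeatureCoverage -Skus $sampleSkus -UserCount 25 | Format-Table -AutoSize

# Against a live tenant with the Microsoft Graph PowerShell SDK:
#   Connect-MgGraph -Scopes 'Organization.Read.All'
#   Get-FeatureCoverage -Skus (Get-MgSubscribedSku) -UserCount 25
```

With the sample data, P1 and Intune show 10 seats against 25 users and P2 shows none, which is the gap to close before relying on Intune policy or PIM for every device and user.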