I'm confused about the new licensing situation with Entra. I've always heard that identity protection policies could only be applied to users with P2 licenses, but now the option to assign P2 licenses directly to individuals is greyed out with a message saying that "this license does not need to be individually assigned." Is it true that we only need one license per tenant? If this is the case, I would be thrilled, but I can't help but question if this change is intentional or just a mistake.
5 Answers
From what I understand, you can actually use P1 or P2 features tenant-wide as long as you have at least one license. This means that if you have one P2 license, it unlocks those features across the whole tenant. However, legally, you need to have the right number of licenses. If you're looking to apply an identity protection policy to 10 users, you could technically do it with just one license, but it might not meet compliance requirements unless you own enough licenses. Microsoft’s licensing can be super confusing and it seems like they change things all the time.
I've asked different resellers and reps about that, and I've gotten different answers every time. It's so frustrating!
I've noticed that greyed-out option can happen if a license has expired or been disabled. Just the other day, I had trouble adding a license to a user even though their expiration looked fine. I had to reach out to my reseller for help.
Oh man, I had a similar issue on Monday! I managed to remove a license but couldn’t add it elsewhere without support.
Have you considered assigning it to a group? I can't remember the last time I had to deal with individual licenses; it always seems to be easier that way.
You can access P1 or P2 features with just one license in your tenant, but it also can put you at risk for Microsoft licensing violations. You could hold onto 10 licenses and still apply policies without needing to assign them directly to each user.
They haven't changed the licensing requirement. It's possible the user already has a P2 license through another subscription like E5, or it could be linked to a group-based licensing setup.
The user only has a standard license, so I'm surprised. It doesn’t make sense why I can’t assign a P2!
Yeah, you’re spot on with that. We've trialed P2 features before committing to buy licenses, although it’s technically against the rules. I once had a chat with a Microsoft rep over drinks, and they admitted that many folks use that loophole until they're caught.