| Feature | PREMIUM P1 | PREMIUM P2 |
| --- | --- | --- |
| **Core Identity and Access Management** | | |
| Directory Objects | No Object Limit | No Object Limit |
| Single Sign-On (SSO) (unlimited) | ✓ | ✓ |
| Easy provisioning | ✓ | ✓ |
| Federated Authentication (ADFS or 3rd party IDP) | ✓ | ✓ |
| User and group management (add/update/delete) | ✓ | ✓ |
| Device registration | ✓ | ✓ |
| Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO) | ✓ | ✓ |
| Azure AD Connect sync (extend on-premises directories to Azure AD) | ✓ | ✓ |
| Self-Service Password Change for cloud users | ✓ | ✓ |
| Azure AD Join: desktop SSO and administrator BitLocker recovery | ✓ | ✓ |
| Password Protection (global banned password) | ✓ | ✓ |
| Multi-Factor Authentication | ✓ | ✓ |
| Basic security and usage reports | ✓ | ✓ |
| **Business to Business Collaboration** | | |
| Azure AD features for guest users | ✓ | ✓ |
| **Identity and Access Management for Office 365 apps** | | |
| Company branding (customization of logon and logout pages, access panel) | ✓ | ✓ |
| Self-service password reset for cloud users | ✓ | ✓ |
| Service Level Agreement (SLA) | ✓ | ✓ |
| Device objects two-way synchronisation between on-premises directories and Azure AD (Device write-back) | ✓ | ✓ |
| **Premium Features** | | |
| Password Protection (custom banned password) | ✓ | ✓ |
| Password Protection for Windows Server Active Directory (global and custom banned password) | ✓ | ✓ |
| Self-service password reset/change/unlock with on-premises write-back | ✓ | ✓ |
| Group access management | ✓ | ✓ |
| Microsoft Cloud App Discovery | ✓ | ✓ |
| Azure AD Join: MDM auto enrollment and local admin policy customisation | ✓ | ✓ |
| Azure AD Join: self-service BitLocker recovery, enterprise state roaming | ✓ | ✓ |
| Advanced security and usage reports | ✓ | ✓ |
| **Hybrid Identities** | | |
| Application Proxy | ✓ | ✓ |
| Microsoft Identity Manager user CAL | ✓ | ✓ |
| Connect Health | ✓ | ✓ |
| **Advanced Group Access Management** | | |
| Dynamic groups | ✓ | ✓ |
| Group creation permission delegation | ✓ | ✓ |
| Group naming policy | ✓ | ✓ |
| Group expiration | ✓ | ✓ |
| Usage guidelines | ✓ | ✓ |
| Default classification | ✓ | ✓ |
| **Conditional Access** | | |
| Conditional Access based on group, location and device status | ✓ | ✓ |
| Azure Information Protection integration | ✓ | ✓ |
| SharePoint limited access | ✓ | ✓ |
| Terms of Use (set up terms of use for specific access) | ✓ | ✓ |
| Multi-Factor Authentication with Conditional Access | ✓ | ✓ |
| Microsoft Cloud App Security integration | ✓ | ✓ |
| 3rd party identity governance partners integration | ✓ | ✓ |
| **Identity Protection** | | |
| Vulnerabilities and risky accounts detection | | ✓ |
| Risk events investigation | | ✓ |
| Risk based Conditional Access policies | | ✓ |
| **Identity Governance** | | |
| Privileged Identity Management (PIM) | | ✓ |
| Access Reviews | | ✓ |
| Entitlement Management | | ✓ |