Azure Active Directory

Packaging and license compliance can force Microsoft 365 customers to buy E5-level suites for all users to take full advantage of conditional access.

Azure Multi-Factor Authentication implements a two-step sign-in verification process and offers multiple tiers of service with user licenses bundled into various Microsoft 365 plans.

A simplified process for organizations to make services and applications protected by Azure Active Directory accessible to external users (sometimes called “guests”), such as contractors and vendors; licensed via per-user fees once a monthly free allotment is exceeded.

Microsoft has stated that paid tiers of AAD Premium will now offer a 99.99% uptime service-level agreement, up from 99.9%.

Microsoft uses "External User" as a licensing term for users outside an organization who are eligible for Guest User licenses.

Customers can now select an Azure Active Directory Domain Services performance tier, which also affects backup and trust options.

Azure AD can serve as an identity hub for third-party applications, by automatically provisioning and deprovisioning users in external systems.

AAD entitlement management offers simplified administration of user membership in AAD groups, AAD-integrated applications, and SharePoint Online but requires AAD Premium P2.

Azure Active Directory is available in one free tier and three paid tiers of service, but organizations must beware of compliance issues from mixing multiple tiers

Chart summarizes key feature differences between the free and Premium tiers of Azure Active Directory, and the level of AAD service included with Office 365 subscriptions.