Every organization that has at least one licensed Microsoft 365 user (with an E1, E3, E5, F1, and F3 subscription) or uses Microsoft cloud services such as Azure or Intune also has an Azure Active Directory tenant.

Microsoft 365 A3 for students use benefit
Information Barriers
Microsoft Bookings
Universal Print Without Seeding
Project for Office (Plan E3)
Common Data Service
Information Protection for Office 365 - Standard
Education Analytics
Microsoft Kaizala Pro
Microsoft Search
Whiteboard (Plan 2)
Microsoft Intune Plan 1 for Education
Microsoft Defender for Cloud Apps Discovery
To-Do (Plan 2)
Windows 10/11 Enterprise
Minecraft Education Edition
Microsoft Intune Plan 1
Microsoft Azure Multi-Factor Authentication
Azure Active Directory Premium P1
Azure Active Directory Basic for Education
Microsoft Stream for Office 365 E3
School Data Sync (Plan 2)
Azure Rights Management
Microsoft Teams
Microsoft StaffHub
Power Apps for Office 365
Power Automate for Office 365
Microsoft Forms (Plan 2)
Microsoft Planner
Yammer for Academic
Skype for Business Online (Plan 2)
Office for the Web for Education
SharePoint (Plan 2) for Education
Exchange Online (Plan 2)
Office 365 Cloud App Security
The latest desktop version of Office

There are, however, different editions of Azure AD licenses that provide the organization with different capabilities: Azure AD Free/Office 365, Premium P1, and Premium P2.


Though lower tiers of AAD have certain limitations, such as with the number of apps and directory objects IT teams can manage, Azure AD Premium P2's feature set offers admins the opportunity to thoroughly manage their users and their SSO access.

Azure AD

Azure Active Directory (Azure AD) is a cloud-based identity and access management service. Azure AD enables your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Azure Active Directory also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization (Microsoft).

Azure Active Directory

Azure AD Premium P2 licenses are beneficial for organizations that are expected to demonstrate a high level of governance of identities. That implies managing privileged access and automating access reviews and responses to potentially compromised accounts.

Azure AD Premium P2

AAD Premium P2 offers the following features:

All of the features listed for Azure AD Microsoft 365 apps 
Leverage SSO for an unlimited number of pre-integrated SaaS applications
Configure self-service application assignment to enable users to self-discover and request access to applications
On-prem write-back for all password changes
Advanced usage reporting
HR-driven provisioning
Self-service group management and application management 
Microsoft® Identity Management (MIM) CAL + MIM server for simplified lifecycle user management
Conditional access based on device state or location and group
Automate password rollover for group accounts
Join a Windows® Pro device to Azure AD to enable desktop SSO, and Administrator BitLocker recovery
Application proxy for on-premises, header-based, and Integrated Windows Authentication
MDM auto-enrollment, self-service BitLocker recovery, additional local admin tooling to Windows Pro devices via Azure AD Join
Role-based access control (RBAC)
Risk-based Identity Protection 
Privileged identity management
Self-service entitlement management (My Access)
Access certifications and reviews
Entitlements management
Lifecycle Workflows (preview)
Privileged Identity Management (PIM), just-in-time access
Cloud app discovery (Windows Defender for cloud apps)
Identity Protection reporting: vulnerabilities and risky accounts
Identity Protection reporting: risk events investigation, SIEM connectivity
A service-level agreement

Azure AD Premium P2 is most commonly used for providing insight into user activity within Azure infrastructure, Microsoft 365, and web applications.

Azure Active Directory Premium P1 vs. P2: Features comparison


default default