Microsoft recently announced that it will be adding its Azure Active Directory Premium P1 license to Microsoft 365 Business subscriptions. This is great news for small and medium-sized business (SMB) customers. The Azure AD P1 license—we’ll just call it P1 to keep things simple—brings a powerful set of enterprise security, identity, and access control tools into what will now certainly be Microsoft’s flagship cloud offering for SMBs. And it does so at no added cost.
Microsoft is adding the P1 license to new subscriptions now and will be rolling it out to existing subscribers over the coming weeks. This is particularly great news for clients grappling with long-term remote work planning.
The features in P1 are designed to facilitate secure access to work applications from anywhere. Microsoft 365 Business plus Azure AD P1 will let you transform your clients’ modern workplace into a work-from-anywhere workplace.
Expanding the toolset for SMB clients
Microsoft will also be renaming the Microsoft 365 Business plan to Business Premium when the P1 license is added. This is part of a wider renaming of all their small and medium-sized business-focused offerings. The Business Premium plan is still intended for small and medium-sized businesses with 300 users or fewer.
Some of the free Azure AD features were previously available in Microsoft 365 plans, the most important being Multi-factor Authentication (MFA), self-service password resets, and conditional access policies. Adding the entire P1 license is part of Microsoft’s efforts to help SMBs establish more secure remote work conditions for the current COVID-19 crisis and beyond.
What does Azure AD P1 add to 365 Business?
P1 licenses will give Sherweb Partners and their clients access to advanced group, identity, and access control policies for more granular control over how users and their devices access cloud resources. P1 also offers a few key enterprise-level features we wanted to highlight:
Cloud App Discovery
It was hard to keep track of BYOD devices and consumer cloud app usage even before remote work became the new normal. Now, contending with these security risks is something practically every business faces. This just amplifies the challenge of protecting your client’s cloud infrastructure against data breaches and the unwanted effects of shadow IT.
The Cloud App Discovery tool analyzes your client’s cloud traffic logs. Any activity in their environment coming from a list of over 16,000 different cloud apps is flagged and scored for risk level. You can access reports that measure and rank app usage by traffic volume, number of users, individual user, or number of outbound web requests by app.
This helps you identify and prioritize what data is at risk, what shadow IT systems might have access to your client’s data, and the relative risk those shadow systems pose to your client’s data integrity.
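The kind of report described above can be sketched in a few lines. This is an added example, not Microsoft's or Sherweb's code: the catalog, its risk scores, the log format and the function names are all constructed assumptions, and the real tool's catalog and scoring are far richer.

```python
from collections import defaultdict

# Constructed catalog (not Microsoft's): domain -> (app, risk 1=low .. 10=high)
CATALOG = {"dropbox.com": ("Dropbox", 4), "wetransfer.com": ("WeTransfer", 6),
           "sharepoint.com": ("SharePoint", 1), "pastebin.com": ("Pastebin", 8)}
# Constructed proxy log: timestamp user destination_host bytes_uploaded
SAMPLE_LOG = """\
2020-04-06T09:01:12Z alice contoso.sharepoint.com 52000
2020-04-06T09:03:40Z bob www.dropbox.com 910000
2020-04-06T09:04:02Z alice api.dropbox.com 120000
2020-04-06T09:07:55Z carol wetransfer.com 48000000
2020-04-06T09:09:13Z bob pastebin.com 3000
2020-04-06T09:10:00Z bob pastebin.com 2500
malformed line
2020-04-06T09:12:31Z carol intranet.example.local 700
"""

def match_app(host):
    """Match on whole DNS labels so notdropbox.com never counts as dropbox.com."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if hit := CATALOG.get(".".join(labels[i:])):
            return hit
    return None

def discover(log_text):
    """Return ({app: stats}, skipped); skipped counts malformed or uncatalogued lines."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "users": set(), "risk": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        hit = match_app(parts[2]) if len(parts) == 4 and parts[3].isdigit() else None
        if hit is None:
            skipped += 1
            continue
        entry = stats[hit[0]]
        entry["requests"] += 1
        entry["bytes"] += int(parts[3])
        entry["users"].add(parts[1])
        entry["risk"] = hit[1]
    return dict(stats), skipped

def rank(stats, key):
    """App names ordered by 'requests', 'bytes', 'users' or 'risk', highest first."""
    size = lambda v: len(v) if isinstance(v, set) else v
    return sorted(stats, key=lambda app: (-size(stats[app][key]), app))

if __name__ == "__main__":
    report, skipped = discover(SAMPLE_LOG)
    print({m: rank(report, m) for m in ("bytes", "users", "requests", "risk")}, skipped)
```

The skipped count matters in practice: traffic to hosts outside the catalog is exactly where unreviewed apps hide, so it should be tracked rather than silently dropped.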
Application Proxy
Businesses that rely on critical on-premises applications have been particularly challenged by the sudden increase in remote workers. Many clients and Sherweb Partners have figured out reverse proxy or VPN solutions that are good enough, but the Azure Application Proxy now available with P1 licenses can be a superior choice. It’s a lightweight software agent that gives access to specific on-premises apps without exposing larger segments of a client’s network.
Remote users use their standard Azure single sign-on (SSO) account to access the Application Proxy. This will grant them access to both authorized on-premises apps and their cloud apps, like Teams, SharePoint, other Office 365 apps, and Remote Desktop.
Using the Proxy for remote access also removes the need to open inbound connections on the client’s firewall. And it’s often more cost-effective than a VPN or other proxy setups, as it doesn’t require any local infrastructure or network changes.
Dynamic groups
Any Partner who’s used dynamic groups to manage an enterprise client knows what a time saver they can be. Dynamic AD groups allow you to automatically add and remove users from security groups based on user or device properties (though an Office 365 group can only be a user group).
For example, you can define a “Guest” dynamic group that automatically collects all guest accounts spread around the tenant so you can centrally manage them. Also, any time a user or device attribute changes, Azure AD runs all dynamic group rules and automatically updates membership accordingly.
Password-less authentication
Password fatigue is real. Perhaps you’ve seen an uptick in password-related support requests since people have shifted to working from home. There’s a whole range of personal laptops and mobile devices now trying to authenticate against client resources. Thankfully, the P1 license lets you enable password-less authentication for your client’s cloud apps.
Password-less authentication replaces passwords by performing multi-factor authentication against something users have with them, against information they know, or against biometrics. Azure AD currently supports three different password-less authentication options:
- Windows Hello for Business—Authenticates with biometrics and a PIN tied to a specific PC
- Microsoft Authenticator app—Authenticates sign-ins on a separate, verified mobile device
- FIDO2 security keys—Authenticates with high-security keys stored on a USB thumb drive
An opportunity to deliver more value
Most notable for resellers is that the addition of P1 to Business Premium subscriptions lets you offer more enterprise-grade features to your customers at a lower cost than Office 365 E3 licenses.
Beyond the features listed above, the addition of the P1 license lets you offer your SMB clients many other enterprise-grade features on a Business plan, like:
- Customized branding for your clients’ sign-on pages
- Password protection, including access to global and custom banned password lists
- Advanced self-service password reset tools
- MDM auto-enrollment for increased device security
- Many other identity and access control tools
Bring enterprise tools to your SMB clients
The addition of Azure AD Premium P1 to Business Premium is definitely welcome news for Sherweb Partners looking to offer more value-added services to their clients. It’s great to see Microsoft make these enterprise-grade security tools available to even more organizations.
In particular, we think password-less authentication is a great security feature to implement. It can greatly simplify user authentication while improving security at the same time. And Azure’s Application Proxy is another great tool to support Partners pushing the Zero Trust security model.
Don’t forget, Sherweb is available whenever you need a hand with Azure AD setup and implementation.