Entra ID, formerly Azure Active Directory, sells in free, P1, P2, and Governance tiers. Much of it is already inside your Microsoft 365 suite, so the risk is paying twice.
Entra ID is the identity layer under Microsoft 365, sold in four tiers. This guide shows what your suite already includes and where extra spend is justified.
Entra ID sells in four tiers. Microsoft lists them on its Entra pricing page.
Each tier adds identity capability, and the higher tiers are frequently already included in a Microsoft 365 suite.
Yes. Microsoft renamed Azure Active Directory to Entra ID in 2023. The capabilities and licensing tiers carried over. Microsoft confirms the change in its naming announcement.
This is the question that saves the most money. Several Entra tiers are bundled into Microsoft 365 plans, so buying them standalone is paying twice.
Cross reference standalone Entra seats against suite entitlements. Any user on E5 who also holds a standalone P2 license is paying twice. Microsoft documents the bundling in its Entra licensing documentation.
Governance is a separate paid product over P2. It is worth buying when access certification and lifecycle automation are real requirements, not before.
Yes. Many estates buy Governance while the access reviews and privileged identity management already in P2 sit unused. Switch on what you own before adding a new layer.
The Entra Suite bundles identity protection with network access and identity verification into one license. Microsoft describes it on the Entra product page. Evaluate it against what your suite already grants.
The buyer view is simpler than the tier list suggests. Establish what the suite includes, then pay only for the increment you genuinely need.
When users sit on a suite below E3, or when you need Governance, which no suite includes. For E3 and E5 users, standalone P1 or P2 is usually redundant.
Entra ID tiers and where they come from
| Tier | Key capability | Often included in | Buyer test |
|---|---|---|---|
| Free | Directory and single sign on | Any Microsoft 365 plan | Already owned |
| P1 | Conditional access and password reset | E3 and Business Premium | Check before buying standalone |
| P2 | Risk based protection and access reviews | E5 | Confirm it is switched on |
| Governance | Entitlement and lifecycle management | Standalone only | Buy when certification is required |
Entra overspend is almost always double payment or unused capability. The levers are inventory and activation, not discounting.
Most identity maturity gains come from using owned P2 controls, not from new SKUs. Activation delivers capability you already paid for, at no added license cost.
Yes. Governance and the Entra Suite are negotiable in an Enterprise Agreement. Read terms against the official Microsoft Product Terms before committing volume.
The common advice is to buy Entra ID Governance early so identity governance is in place before an audit. We disagree. In roughly 20 of 30 identity estates Fredrik Filipsson reviewed, the access reviews and privileged identity management already inside E5 P2 sat switched off while the team shopped for a new Governance license. You cannot govern what you have not activated. The buyer side move is to turn on every owned P2 control first, prove the gap, and only then license Governance for the specific capability you still lack. Buying maturity you already own is the most common identity overspend.
Source: Redress Compliance advisory engagement file, 2024 to 2025.
The biggest Entra overspend is paying again for identity your Microsoft 365 suite already grants.
Entra ID sells in four tiers: Free, P1, P2, and Entra ID Governance. Each adds identity capability, and the higher tiers are often already included in a Microsoft 365 suite.
Yes. Microsoft renamed Azure Active Directory to Entra ID in 2023. The capabilities and licensing tiers carried over unchanged.
Entra ID P1 is included in Microsoft 365 E3 and Business Premium. Entra ID P2 is included in Microsoft 365 E5. Buying them standalone for those users is paying twice.
P2 adds risk based identity protection, privileged identity management, and access reviews. P1 covers conditional access, self service password reset, and hybrid identity.
Buy Governance when access certification and lifecycle automation are real requirements that P2 cannot meet. Activate owned P2 controls first to confirm the gap.
The Entra Suite bundles identity protection with secure network access and identity verification into one license. Evaluate it against what your Microsoft 365 suite already grants.
Cross reference standalone Entra seats against suite entitlements. Any E5 user holding a standalone P2 license is paying twice and can drop the standalone seat.
Yes. Governance and the Entra Suite are negotiable in an Enterprise Agreement. Validate pricing against Microsoft Product Terms and independent benchmarks first.
500+ enterprise clients. 11 vendor practices. Industry recognized. One conversation can change what you pay Microsoft for the next three years.
Microsoft licensing moves, benchmark ranges, and renewal levers. No vendor spin.
Once a month. Audit patterns, renewal benchmarks, vendor commercial signals across Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, Google Cloud, ServiceNow, Workday, Cisco, and the GenAI vendors. No follow up sales pressure.
Free providers (Gmail, Yahoo, Outlook) cannot subscribe. Work email only. Unsubscribe in one click.
