Commit 029c352

Merge pull request #227805 from Gargi-Sinha/patch-162
Update TOC.yml
2 parents 68e76cf + 2bcecba commit 029c352

4 files changed

+137
-1
lines changed

articles/active-directory/develop/TOC.yml

Lines changed: 2 additions & 0 deletions
@@ -61,6 +61,8 @@
6161
href: application-model.md
6262
- name: Workload identities
6363
href: workload-identities-overview.md
64+
- name: Workload identities FAQs
65+
href: workload-identities-faqs.md
6466
- name: Applications and service principals
6567
href: app-objects-and-service-principals.md
6668
- name: How and why apps are added to Azure AD
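Review bot: the new TOC label `Workload identities FAQs` is broader than the page it links to. workload-identities-faqs.md is titled "Workload identities license plans faq" and every question in it is about licensing, so a reader looking for technical answers lands on a pricing page. Suggest naming the entry for what it covers, for example `Workload identities license plans FAQ`.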
Lines changed: 132 additions & 0 deletions
@@ -0,0 +1,132 @@
1+
---
2+
title: Workload identities license plans faq
3+
description: Learn about workload identities license plans, features and capabilities.
4+
author: gargi-sinha
5+
manager: martinco
6+
ms.service: active-directory
7+
ms.subservice: develop
8+
ms.workload: identity
9+
ms.topic: conceptual
10+
ms.date: 2/21/2023
11+
ms.author: gasinh
12+
ms.reviewer:
13+
ms.custom: aaddev
14+
#Customer intent: I want to know about workload identities licensing plans
15+
---
16+
17+
# Frequently asked questions about workload identities license plans
18+
19+
[Workload identities](workload-identities-overview.md) is now available in two editions: **Free** and **Workload Identities Premium**. The free edition of workload identities is included with a subscription of a commercial online service such as [Azure](https://azure.microsoft.com/) and [Power Platform](https://powerplatform.microsoft.com/). The Workload
20+
Identities Premium offering is available through a Microsoft representative, the [Open Volume License
21+
Program](https://www.microsoft.com/licensing/how-to-buy/how-to-buy), and the [Cloud Solution Providers program](/azure/lighthouse/concepts/cloud-solution-provider). Azure and Microsoft 365 subscribers can also purchase Workload
22+
Identities Premium online.
23+
24+
For more information, see [what are workload identities?](workload-identities-overview.md)
25+
26+
>[!NOTE]
27+
>Workload Identities Premium is a standalone product and isn't included in other premium product plans. All subscribers require a license to use Workload Identities Premium features.
28+
29+
Learn more about [workload identities
30+
pricing](https://www.microsoft.com/security/business/identity-access/microsoft-entra-workload-identities#office-StandaloneSKU-k3hubfz).
31+
32+
## What features are included in Workload Identities Premium plan and which features are free?
33+
34+
|Capabilities | Description | Free | Premium |
35+
|:--------|:----------|:------------|:-----------|
36+
| **Authentication and authorization**| | | |
37+
| Create, read, update, delete workload identities | Create and update identities for securing service to service access | Yes | Yes |
38+
| Authenticate workload identities and tokens to access resources | Use Azure Active Directory (Azure AD) to protect resource access | Yes| Yes |
39+
| Workload identities sign-in activity and audit trail | Monitor and track workload identity behavior | Yes | Yes |
40+
| **Managed identities**| Use Azure AD identities in Azure without handling credentials | Yes| Yes |
41+
| Workload identity federation | Use workloads tested by external Identity Providers (IdPs) to access Azure AD protected resources | Yes | Yes |
42+
| **Conditional Access (CA)** | | |
43+
| CA policies for workload identities |Define the condition in which a workload can access a resource, such as an IP range | | Yes |
44+
|**Lifecycle Management**| | | |
45+
|Access reviews for service provider-assigned privileged roles | Closely monitor workload identities with impactful permissions | | Yes |
46+
|**Identity Protection** | | |
47+
|Identity Protection for workload identities | Detect and remediate compromised workload identities | | Yes |
48+
49+
## What is the cost of Workload Identities Premium plan?
50+
51+
Check the pricing for the [Microsoft Entra Workload Identities
52+
Premium](https://www.microsoft.com/security/business/identity-access/microsoft-entra-workload-identities#office-StandaloneSKU-k3hubfz)
53+
plan.
54+
55+
## How do I purchase a Workload Identities Premium plan?
56+
57+
You need an Azure or Microsoft 365 subscription. You can use a
58+
current subscription or set up a new one. Then, sign into the [Microsoft
59+
Entra admin
60+
center](https://entra.microsoft.com/)
61+
with your credentials to buy Workload Identities licenses.
62+
63+
## Through what channels can I purchase Workload Identities Premium plan?
64+
65+
You can purchase the plan through Enterprise Agreement (EA)/Enterprise Subscription (EAS), Cloud Solution Providers (CSPs), or Web Direct.
66+
67+
## Where can I find more feature details to determine if I need a license(s)?
68+
69+
Entra workload identities has three premium features that require a license.
70+
71+
- [Conditional Access](../conditional-access/workload-identity.md):
72+
Supports location or risk-based policies for workload identities.
73+
74+
- [Identity Protection](../identity-protection/concept-workload-identity-risk.md):
75+
Provides reports of compromised credentials, anomalous sign-ins, and
76+
suspicious changes to accounts.
77+
78+
- [Access Reviews](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-azure-ad-access-reviews-for-service-principals/ba-p/1942488):
79+
Enables delegation of reviews to the right people, focused on the most
80+
important privileged roles.
81+
82+
## What do the numbers in each category on the [Workload identities - Microsoft Entra admin center](https://entra.microsoft.com/#view/Microsoft_Azure_ManagedServiceIdentity/WorkloadIdentitiesBlade) mean?
83+
84+
Category definitions:
85+
86+
- **Enterprise apps/Service Principals**: This category includes multi-tenant apps, gallery apps, non-gallery apps and service principals.
87+
88+
- **Microsoft apps**: Apps such as Outlook and Microsoft Teams.
89+
90+
- [**Managed Identities**](https://entra.microsoft.com/#home): An identity for
91+
applications for connecting resources that support Azure AD authentication.
92+
93+
## How many licenses do I need to purchase? Do I need to license all workload identities including Microsoft and Managed Service Identities?
94+
95+
All workload identities - service principles, apps and managed identities, configured in your directory for a Microsoft Entra
96+
Workload Identities Premium feature require a license. Select and prioritize the identities based on the available licenses. Remove
97+
the workload identities from the directory that are no longer required.
98+
99+
The following identity functionalities are currently available to view
100+
in a directory:
101+
102+
- Identity Protection: All single-tenant and multi-tenant service
103+
principals excluding managed identities and Microsoft apps.
104+
105+
- Conditional Access: Single-tenant service principals (excluding
106+
managed identities) capable of acting as a subject/client, having a
107+
defined credential.
108+
109+
- Access reviews: All single-tenant and multi-tenant service
110+
principals assigned to privileged roles.
111+
112+
>[!NOTE]
113+
>Functionality is subject to change, and feature coverage is
114+
intended to expand.
115+
116+
## Do these licenses require individual workload identities assignment?
117+
118+
No, license assignment isn't required. One license in the tenant unlocks features for workload identities.
119+
120+
## Can I get a free trial of Workload Identities Premium?
121+
122+
Yes. you can get a [90-day free trial](https://entra.microsoft.com/#view/Microsoft_Azure_ManagedServiceIdentity/WorkloadIdentitiesBlade).
123+
In the Modern channel, a 30-day only trial is available. Free trial is
124+
unavailable in Government clouds.
125+
126+
## Is the Workload Identities Premium edition available on Government clouds?
127+
128+
Yes, it's available.
129+
130+
## Is it possible to have a mix of Azure AD Premium P1, Azure AD Premium P2 and Workload Identities Premium licenses in one tenant?
131+
132+
Yes, customers can have a mixture of license plans in one tenant.
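Review bot: the licensing answers in this file conflict. Under "How many licenses do I need to purchase?" the text says all workload identities configured for a premium feature "require a license", while "Do these licenses require individual workload identities assignment?" says "One license in the tenant unlocks features for workload identities." State explicitly whether licenses are counted per identity or per tenant, because the coverage list for Identity Protection, Conditional Access and Access reviews only makes sense once that is clear. Smaller points in the same file: "service principles" should be "service principals"; the section rows `| **Conditional Access (CA)** | | |` and `|**Identity Protection** | | |` have three cells in a four-column table; the last line of the second `>[!NOTE]` ("intended to expand.") has no `>` prefix and will render outside the note; "Yes. you can get" needs a comma or a capital; and in the federation row, is "workloads tested by external Identity Providers" meant to read "trusted"?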

articles/active-directory/develop/workload-identities-overview.md

Lines changed: 2 additions & 1 deletion
@@ -52,4 +52,5 @@ Here are some ways you can use workload identities:
5252

5353
## Next steps
5454

55-
Learn how to [secure access of workload identities](../conditional-access/workload-identity.md) with adaptive policies.
55+
- Learn how to [secure access of workload identities](../conditional-access/workload-identity.md) with adaptive policies.
56+
- Get answers to [frequently asked questions about workload identities](workload-identities-faqs.md).

articles/active-directory/fundamentals/active-directory-whatis.md

Lines changed: 1 addition & 0 deletions
@@ -74,6 +74,7 @@ After you choose your Azure AD license, you'll get access to some or all of the
7474
|Managed identities for Azure resources|Provide your Azure services with an automatically managed identity in Azure AD that can authenticate any Azure AD-supported authentication service, including Key Vault. For more information, see [What is managed identities for Azure resources?](../managed-identities-azure-resources/overview.md).|
7575
|Privileged identity management (PIM)|Manage, control, and monitor access within your organization. This feature includes access to resources in Azure AD and Azure, and other Microsoft Online Services, like Microsoft 365 or Intune. For more information, see [Azure AD Privileged Identity Management](../privileged-identity-management/index.yml).|
7676
|Reports and monitoring|Gain insights into the security and usage patterns in your environment. For more information, see [Azure Active Directory reports and monitoring](../reports-monitoring/index.yml).|
77+
| Workload identities| Give an identity to your software workload (such as an application, service, script, or container) to authenticate and access other services and resources. For more information, see [workload identities faqs](../develop/workload-identities-faqs.md).
7778

7879
## Terminology
7980
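Review bot: the added `Workload identities` row sends "For more information" to workload-identities-faqs.md, which covers only license plans, while the row text describes what a workload identity is. workload-identities-overview.md is the better target here, with the FAQ linked from that page. The row also ends without the closing `|` that the rows above it have, and the link text "workload identities faqs" should be cased like the other links in this table.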
