You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/workload-identities/workload-identities-faqs.md
+6-20Lines changed: 6 additions & 20 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
8
8
ms.subservice: workload-identities
9
9
ms.workload: identity
10
10
ms.topic: conceptual
11
-
ms.date: 8/28/2023
11
+
ms.date: 9/15/2023
12
12
ms.author: gasinh
13
13
ms.reviewer:
14
14
ms.custom: aaddev
@@ -94,26 +94,12 @@ applications for connecting resources that support Azure AD authentication.
94
94
95
95
## How many licenses do I need to purchase? Do I need to license all workload identities including Microsoft and Managed Service Identities?
96
96
97
-
All workload identities - service principles, apps and managed identities, configured in your directory for a Microsoft Entra
98
-
Workload Identities Premium feature require a license. Select and prioritize the identities based on the available licenses. Remove
99
-
the workload identities from the directory that are no longer required.
97
+
All workload identities - service principles, apps and managed identities, configured in your directory for a Microsoft Entra Workload Identities Premium feature require a license. Customers don’t need to license all the workload identities. You can find the right number of Workload ID licenses with the following guidance:
100
98
101
-
The following identity functionalities are currently available to view
102
-
in a directory:
103
-
104
-
- Identity Protection: All single-tenant and multi-tenant service
105
-
principals excluding managed identities and Microsoft apps.
106
-
107
-
- Conditional Access: Single-tenant service principals (excluding
108
-
managed identities) capable of acting as a subject/client, having a
109
-
defined credential.
110
-
111
-
- Access reviews: All single-tenant and multi-tenant service
112
-
principals assigned to privileged roles.
113
-
114
-
>[!NOTE]
115
-
>Functionality is subject to change, and feature coverage is
116
-
intended to expand.
99
+
1. Customer will need to license enterprise applications or service principals ONLY if they set up Conditional Access policies or use Identity Protection for them.
100
+
2. Customers don't need to license applications at all, even if they are using Conditional Access policies.
101
+
3. Customers will need to license managed identities, only when they set up access reviews for managed identities.
102
+
You can find the number of each workload identity type (enterprise apps/service principals, apps, managed identities) on the product landing page at the [Microsoft Entra admin center](https://entra.microsoft.com).
117
103
118
104
## Do these licenses require individual workload identities assignment?
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments