|Access reviews for service provider-assigned privileged roles | Closely monitor workload identities with impactful permissions || Yes |
47
47
| Application authentication methods API | Allows IT admins to enforce best practices for how apps in their organizations use application authentication methods. || Yes |
48
+
| App Health Recommendations | Identify unused or inactive workload identities and their risk levels. Get remediation guidelines. || Yes |
48
49
|**Identity Protection**|||
49
50
|Identity Protection for workload identities | Detect and remediate compromised workload identities || Yes |
50
51
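Review bot: The added table row names the feature "App Health Recommendations" in title case, but the bullet added later in this same commit links it as "App health recommendations", and the neighbouring row "Access reviews for service provider-assigned privileged roles" uses sentence case. Suggest using "App health recommendations" in the table so the feature name reads the same in both places.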
@@ -68,7 +69,7 @@ You can purchase the plan through Enterprise Agreement (EA)/Enterprise Subscript
68
69
69
70
## Where can I find more feature details to determine if I need a license(s)?
70
71
71
-
Microsoft Entra Workload ID has three premium features that require a license.
72
+
Microsoft Entra Workload ID has four premium features that require a license.
Supports location or risk-based policies for workload identities.
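Review bot: The changed sentence hard-codes the feature count ("four premium features"), which is the same wording that went stale and made this edit necessary when a feature was added. Suggest dropping the number, for example "Microsoft Entra Workload ID has the following premium features that require a license", so the sentence stays correct the next time the list changes.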
@@ -81,11 +82,13 @@ suspicious changes to accounts.
81
82
Enables delegation of reviews to the right people, focused on the most
82
83
important privileged roles.
83
84
85
+
-[App health recommendations](/azure/active-directory/reports-monitoring/howto-use-recommendations): Provides you with personalized insights with actionable guidance so you can implement best practices, improve the state of your Microsoft Entra tenant, and optimize the configurations for your scenarios.
86
+
84
87
## What do the numbers in each category on the [Workload identities - Microsoft Entra admin center](https://entra.microsoft.com/#view/Microsoft_Azure_ManagedServiceIdentity/WorkloadIdentitiesBlade) mean?
85
88
86
89
Category definitions:
87
90
88
-
-**Enterprise apps/Service Principals**: This category includes multi-tenant apps, gallery apps, non-gallery apps and service principals.
91
+
-**Enterprise apps/Service Principals**: This category includes multitenant apps, gallery apps, non-gallery apps and service principals.
89
92
90
93
-**Microsoft apps**: Apps such as Outlook and Microsoft Teams.
91
94
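Review bot: The new "App health recommendations" bullet describes the feature only in tenant-wide terms ("personalized insights with actionable guidance ... improve the state of your Microsoft Entra tenant") and never mentions workload identities, while the table row added in this commit describes it as "Identify unused or inactive workload identities and their risk levels". A reader deciding whether they need a Workload ID license cannot tell from this bullet what the premium part is. Suggest reusing the table wording here so the two descriptions agree.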
@@ -96,9 +99,9 @@ applications for connecting resources that support Microsoft Entra authenticatio
96
99
97
100
All workload identities - service principles, apps and managed identities, configured in your directory for a Microsoft Entra Workload ID Premium feature require a license. Customers don’t need to license all the workload identities. You can find the right number of Workload ID licenses with the following guidance:
98
101
99
-
1. Customer will need to license enterprise applications or service principals ONLY if they set up Conditional Access policies or use Identity Protection for them.
100
-
2. Customers don't need to license applications at all, even if they are using Conditional Access policies.
101
-
3. Customers will need to license managed identities, only when they set up access reviews for managed identities.
102
+
1. Customer needs to license enterprise applications or service principals ONLY if they set up Conditional Access policies or use Identity Protection for them.
103
+
2. Customers don't need to license applications at all, even if they're using Conditional Access policies.
104
+
3. Customers need to license managed identities, only when they set up access reviews for managed identities.
102
105
You can find the number of each workload identity type (enterprise apps/service principals, apps, managed identities) on the product landing page at the [Microsoft Entra admin center](https://entra.microsoft.com).
103
106
104
107
## Do these licenses require individual workload identities assignment?
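Review bot: In the reworded list, item 1 now reads "Customer needs to license" while items 2 and 3 use the plural "Customers"; suggest "Customers need to license" in item 1 so the three items are parallel. While this paragraph is being touched, the unchanged context line above the list says "service principles", which should be "service principals".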