Update (March 2026): Azure Active Directory (Azure AD) is now called Microsoft Entra ID. This article has been lightly refreshed to reflect the updated product naming and to remove out-of-date pricing references.
Executive Summary
- Our Inside 365 Business Premium series offers a deep dive into the features included with Microsoft 365 Business Premium, especially the ones that are easy to miss.
- In this edition, we cover Microsoft Entra ID Plan 1 (formerly Azure AD Premium P1), which adds extra identity and access controls and is one of the biggest reasons many businesses choose Business Premium.
- In plain English, Entra ID Plan 1 adds features such as Conditional Access, cloud app discovery, application proxy for secure remote access, and dynamic groups to help you manage access more safely and consistently.
Introduction
Are you getting the most out of Microsoft 365?
If you’re one of the over one million worldwide companies already subscribed to Microsoft 365, you probably already know that Microsoft offers several upgraded flavours of its productivity suite.
While the vast majority of businesses will start out with the Standard subscription, there’s so much more to discover with Microsoft 365 Business Premium.
In our Inside 365 Business Premium series, we’re taking deep-dives into what this package can offer your business.
So, without further ado, let’s find out everything you need to know about Azure AD Premium P1.
What is Microsoft Entra ID (formerly Azure Active Directory)?
Before we get into the details of Plan 1, let’s quickly summarise what Microsoft Entra ID is.
Whether you know it or not, if you’re an active Microsoft 365 subscriber, you’re already using Entra ID. It is Microsoft’s cloud-based identity and access management service. In plain English, it helps you manage users, control what they can access, and sign into Microsoft 365 and other business apps securely.
Entra ID is effectively the backbone of your Microsoft 365 setup, giving administrators the ability to add, edit, or remove users and apply access rules across services like Exchange (email), SharePoint, Teams, and more. It can also support Single Sign-On (SSO), allowing staff to use one set of work credentials to access other approved business applications.
What is Microsoft Entra ID Plan 1?
Microsoft Entra ID Plan 1 (formerly Azure AD Premium P1) is the next level up from the standard Entra ID features that come with Microsoft 365.
Plan 1 adds stronger access controls and security features that are particularly useful for businesses with remote or hybrid working, or any organisation that wants more consistency around who can access data, from where, and under what conditions.
Now let’s look at the key features included with Entra ID Plan 1, and how they can help your business.
The features of Azure AD Premium P1 (and how they can help your business)
Now that you have a broad understanding of Azure AD and its upgraded Premium P1 version, it’s time to dig into the details.
Below we’ll explore the tentpole features of the Premium P1 subscription, and why it might be a reason to upgrade your 365 license to Business Premium.
Conditional Access
Cloud-based apps and technology are a great evolution for businesses, enabling work-from-anywhere and unshackling companies from their premises.
But this flexibility of access isn’t without its downsides.
When an employee isn’t working on-premises, they could easily be accessing sensitive company information from their own devices: laptops, smartphones, tablets, and so on. They could be the most trustworthy person in the world, but that doesn’t mean their devices are. If you want more fine-grain control over how and where your company data is being accessed, you need Conditional Access.
With conditional access, you can create specific policies and criteria by which users are allowed to access your company data.
For example, you could create a rule that employees can only access their company email from the official Microsoft Outlook app for iOS or Android. Or you might want to enforce Multi-Factor Authentication (MFA) policies across third-party devices when they log in from a new location. In this way, you can gain the peace of mind that only your trusted team members are accessing data from their trusted devices.
In a world where data is king, Conditional Access helps keep yours safe.
Cloud App Discovery
Even when your workforce is completely up-to-date on your company’s security policies, it’s still difficult to know exactly who is accessing what.
With so many cloud-based applications available today, connections are endlessly being made from your team’s devices, potentially exposing sensitive company data or creating security holes.
To address this, Azure AD Premium P1 comes complete with Cloud App Discovery.
This tool works by logging and compiling an ongoing list of connections made by cloud-based applications, then making it available to you as an administrator. Put simply, you can view all of the cloud applications your team are using at any one time and monitor the volume of data being used by each.
Along with analysis for security, Cloud App Discovery can also be used to inform your SSO policy, as you may want to integrate some of these third-party apps with your Azure AD system for faster login.
Microsoft Entra application proxy (formerly Azure AD Application Proxy)
While the world of work has certainly shifted towards working from home in recent times, there’s still many companies who rely on the data housed on-premises.
So how do you make these apps available to your employees even when they’re not at the office?
The answer is the Azure AD Application Proxy.
Application Proxy effectively sits between cloud-based users and your on-premises applications, creating a secure connection between them without exposing your internal network to the entire internet. This isn’t about making your on-premises data available online, but instead creating secure individual connections to trusted users.
Application Proxy is a simple, secure way to allow your team to access both cloud-based and on-premises applications no matter where they are.
Dynamic Group Membership
Creating and managing user groups is one of the most useful features of Azure Active Directory, but it can become time-consuming to manage over time as situations change. For example, if an employee were to move from Marketing to Sales, they’d still occupy a slot in the Marketing AD group until manually moved over.
If you or your administrators are becoming frustrated needing to manually prune your Azure AD groups, you’ll love the Dynamic Groups feature for Azure AD Premium P1.
How does it work? It’s simple: you can enable a set of rules for each user group which dynamically enables or disables group membership on a per-user basis automatically. This removes the need for your admin team to manually juggle group membership.
Dynamic Group membership can be applied based on various different criteria including:
- Department
- Job title
- City
- Country
- Employee ID
- … and many more
How to start using Microsoft Entra ID Plan 1
If these features sound useful, the simplest route for most SMEs is Microsoft 365 Business Premium, which includes Entra ID Plan 1.
Microsoft pricing changes from time to time, so we have removed the 2021 price from this article. If you want help choosing the right plan and getting it set up properly, we can review your licensing, confirm current costs, and deploy the security controls in a way that fits how your business actually works.
In addition to Entra ID Plan 1, we’ve also created guides on the following features which are exclusive to Microsoft 365 Business Premium:
Get the premium experience with a Microsoft 365 upgrade
We know that the Microsoft 365 packages can get more than a little confusing, so we hope this deep-dive has shone a little light on to Azure AD Premium P1 and why you might want to use it in your business.
Ready to talk about upgrading your Microsoft 365 subscription right now, or maybe you’re entirely new to Microsoft 365 and not sure where to start? The team of 365 experts at Get Support is here to help.
Just call us now on 01865 59 4000 to talk about your upgrade, or fill in the form below and we’ll get back to you right away.