Comparing generally available features of the Free, Basic, and Premium editions

Comparing generally available features of the Free, Basic, and Premium editions


Feature Type Features Free Edition Basic Edition Premium Edition Office 365 Apps Only
Common features Directory objects [1] Up to 500,000 objects No object limit No object limit No object limit for Office 365 user accounts
  User and group management (add / update / delete), user-based provisioning,device registration Check Check Check Check
  Single Sign-On (SSO) 10 apps per user [2] 
(pre-integrated SaaS and developer-integrated apps)
10 apps per user [2] 
(free tier + Application proxy apps)
No Limit [4] 
(free, Basic tiers +Self-Service App Integration templates)
10 apps per user [2] 
(pre-integrated SaaS and developer-integrated apps)
  Self-service password change for cloud users Check Check Check Check
  Connect - For syncing between on-premises directories and Azure Active Directory Check Check Check Check
  Security / usage reports 3 Basic reports 3 Basic reports Advanced reports 3 Basic reports
Premium and Basic features Group-based application access management and provisioning   Check Check  
  Self-service password reset for cloud users   Check Check Check
  Company branding (Log-on pages and Access Panel customization)   Check Check Check
  Application Proxy   Check Check  
  High availability SLA uptime (99.9%)   Check Check Check
Premium only features Self-service group management/ self-service application addition /dynamic group membership     Check  
  Multi-Factor Authentication (cloud and on-premises)     Check Limited cloud-only for Office 365 Apps
  Microsoft Identity Manager (MIM) user licenses and MIM server [3]     Check  
  Cloud App Discovery     Check  
  Azure Active Directory Connect Health     Check  
  Automatic password rollover for group accounts     Check  
Windows 10 and Azure AD Join related features Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator Bitlocker recovery Check Check Check Check
  MDM auto-enrolment, Self-Service Bitlocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join     Check  

[1] The Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500,000 object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.

[2] With Azure AD Free and Azure AD Basic, end users who have been assigned access to SaaS apps, can see up to 10 apps in their Access panel and get SSO access to them. Admins can configure SSO and assign user access to as many SaaS apps as they want with Free and Basic however, end users will only see 10 apps in their Access panel at a time.

[3] Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.

[4] Self-service integration of any application supporting SAML, SCIM, or forms-based authentication by using templates provided in the application gallery menu. For more details, please read this article. [