Comparing generally available features of the Free, Basic, and Premium editions
Feature Type | Features | Free Edition | Basic Edition | Premium Edition | Office 365 Apps Only |
Common features | Directory objects [1] | Up to 500,000 objects | No object limit | No object limit | No object limit for Office 365 user accounts |
User and group management (add / update / delete), user-based provisioning,device registration | |||||
Single Sign-On (SSO) | 10 apps per user [2] (pre-integrated SaaS and developer-integrated apps) |
10 apps per user [2] (free tier + Application proxy apps) |
No Limit [4] (free, Basic tiers +Self-Service App Integration templates) |
10 apps per user [2] (pre-integrated SaaS and developer-integrated apps) |
|
Self-service password change for cloud users | |||||
Connect - For syncing between on-premises directories and Azure Active Directory | |||||
Security / usage reports | 3 Basic reports | 3 Basic reports | Advanced reports | 3 Basic reports | |
Premium and Basic features | Group-based application access management and provisioning | ||||
Self-service password reset for cloud users | |||||
Company branding (Log-on pages and Access Panel customization) | |||||
Application Proxy | |||||
High availability SLA uptime (99.9%) | |||||
Premium only features | Self-service group management/ self-service application addition /dynamic group membership | ||||
Multi-Factor Authentication (cloud and on-premises) | Limited cloud-only for Office 365 Apps | ||||
Microsoft Identity Manager (MIM) user licenses and MIM server [3] | |||||
Cloud App Discovery | |||||
Azure Active Directory Connect Health | |||||
Automatic password rollover for group accounts | |||||
Windows 10 and Azure AD Join related features | Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator Bitlocker recovery | ||||
MDM auto-enrolment, Self-Service Bitlocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join |
[1] The Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500,000 object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.
[2] With Azure AD Free and Azure AD Basic, end users who have been assigned access to SaaS apps, can see up to 10 apps in their Access panel and get SSO access to them. Admins can configure SSO and assign user access to as many SaaS apps as they want with Free and Basic however, end users will only see 10 apps in their Access panel at a time.
[3] Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.
[4] Self-service integration of any application supporting SAML, SCIM, or forms-based authentication by using templates provided in the application gallery menu. For more details, please read this article. [https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-custom-apps