Back in 2020, Microsoft announced a change in the pricing model for External Identities. The change is mentioned in this blog post, but it did not get that much attention if you ask me. So, to make you all aware, let’s see whats this change is all about, and how your organization can benefit from this.
What’s the case here?
The “old” pricing model is based on a 1:5 ratio, meaning that you could serve 5 guest users for every premium license in your tenant. This is automatically calculated. For example, if you have 100 guest users that make use of Conditional Access, you need to have at least 20 Azure AD P1 licenses. Same goes for Azure AD P2.
In the new pricing model, the billing is changed to the “MAU model”. MAU stands for Monthly Active Users. This model is more predictable and flexible, and the most important: free for the first 50.000 guest users. That’s right, free. So you might only need to buy 1 single P2 license for your admin to upgrade your tenant to P2, and configure the settings, but after that, you can provide 50.000 guest users with all the premium goodness out there for free.
To clarify even more, the new pricing model look’s like this:
Keep note that this model can change slightly over time, so make sure you check the current prices here.
How to migrate to the new billing model?
Changing to the new model is pretty straightforward. The only thing you’ll need is an Azure subscription. This can be either a new or existing subscription. In order to enable the new pricing model, you’ll need to link your Azure AD tenant to a subscription.
Go to the Azure portal, and look for Azure AD – External Identities. Next, click Linked Subscriptions in the left pane. As you can see, this tenant is not linked yet, and therefore still using the old pricing model.
Next, select the tenant, and click Link subscription. Then, select your subscription and resource group. Next, click Apply to finish.
By switching to pricing based on Monthly Active Users (MAU), you will no longer be limited to a 1:5 Azure AD to guest license ratio. Save with your first 50,000 MAU free and pay only for what you use. You will not be billed until your usage exceeds 50.000 MAU.
You can be prompted with the following error: The subscription is not registered to use namespace ‘Microsoft.AzureActiveDirectory’. See https://aka.ms/rps-not-found for how to register subscriptions.
To fix that, register the Microsoft Azure Active Directory service under the Resource providers section within the subscription.
Wrap things up & considerations
This new pricing model can be a very welcome feature for many organizations, meaning they no longer have to worry about buying licenses for their guest and external users. Good to know: this model applies to both B2B and B2C users.
But there are some things to consider here. According to this article, there is an additional flat fee of $0.03 / €0.026 for each SMS/Phone-based multi-factor authentication attempt, failed or successful. This is also mentioned in the FAQ:
Apparently this is also billed for the first 50.000 MAU, so there might be a chance that you pay more than you to in the current billing model. If you use Authenticator App for MFA, there is no additional fee.
To learn more, please check out the following articles:
Pricing – Active Directory External Identities | Microsoft Azure
MAU billing model for Azure AD External Identities | Microsoft Docs
Azure Active Directory External Identities goes premium with advanced security for B2C – Microsoft Tech Community