As a CSP can we use first 50,000 MAU with guest accounts for managing our customer?

JND 0 Reputation points
2024-11-22T20:28:14.9533333+00:00

Hi,

As a CSP, we have an Azure management tenant where all our support/admin engineers have a local account. We would like to implement this scenario:

  • The management tenant hosts the local accounts of admins with P2 licences for each one
  • We use the Identity Governance feature PIM for managing this management tenant and requesting high privileges
  • For managing all our customers we have guest accounts for connecting to their tenant
    • Local accounts of all admins in the Management tenant, invited in each customer tenant for managing them with the guest account resulting from the invitation
  • In the customer tenant we would like to also use PIM for requesting high privileges with our guest accounts (guest account linked to our management tenant with accounts already having a P2 licence)

The guest account will be used for managing the customer tenant: managing customer users/groups, managing RBAC, creation/deletion/change of Azure resources (RG, VNet, Storage account...), and everything based on customer needs/requests.

The questions are the following:

  • Since we have P2 licences in our Management tenant for all admins, can the guest accounts of the same account in the customer tenant use PIM without any additional cost, as described here for the first 50,000 MAU: https://azure.microsoft.com/en-gb/pricing/details/active-directory-b2c/
  • Or does the first 50,000 MAU only apply to B2C Identity for application authentication?
  • I guess there is just one P2 licence to buy for the customer tenant, only if the only accounts using PIM are our guest accounts (already having the P2 licence in the management tenant)? Is this correct?
  • Do we have something to configure on our tenant or in the customer tenant for enabling the usage of the MAU and being compliant regarding the licensing? Any configuration in the Azure portal of the management tenant or the customers?
  • Does it make any difference for licensing purposes if the guest account is created manually, by PowerShell script or by cross-tenant sync?

For information: the confusing part is the several terms used by Microsoft for describing the type of account to which it applies: B2B account, B2C account, External account, Guest account...

Thanks,

JND.
