Azure Active Directory (MFA) license costs

Our company is working on a webapplication that holds privacy-sensitive data.
Therefor we're looking for an appropriate way to secure it.
We're thinking of using Azure Active Directory, and are looking at the price information: https://azure.microsoft.com/pricing/details/active-directory/

As we want multi-factor authentication, we need edition Premium P1 at least. To enable MFA, additional costs are needed.
We're aiming at about 500 users for our application.

If I'm correct (and I hope I'm not), this would mean a yearly license fee of about € 37500.
For 500 users, that seems like a lot! It would we well above the license fee we're thinking of for the use of the application itself.

What am I missing here?
- Do we get more than we need with this solution?
- Is my calculation incorrect? (What is most of the 500 users allready use AAD in their own environment? How does the billing work?)
- Or is this just what it costs you to provide a safe and secure solution?
- Or are there any other cheaper solutions?
adiemeerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
Contact Microsoft licensing website or if you have Microsoft TAM or you can contact Microsoft distributors to identify costs including discounts support etc

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
I came to ~30420, not 37k.  But yes, you'd be in around that range depending on the number of users.  

With that said, if you only want MFA, you can pay for that individually.

https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/

Look at what comes with P1, and if you won't be using those features, you may be able to get away with Free+MFA or Basic+MFA for less.
kevinhsiehCommented:
I use Azure MFA since before it was bought by Microsoft. We have it individually. You can pay either per provisioned user, or per authentication. We have many more potential users than actual users, we we pay per use. There can very well be other less expensive options.

I suspect that typing your application to any type of Active Directory doesn't make much sense for users outside your organization.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

adiemeerAuthor Commented:
Thanks for your reactions!

@Mahesh: Thanks, I will check

@kevinhsieh: what do you mean with your last line? Our webapplication is targeting directly at users outside our organization. Are you saying AD is not meant for that?

@Cliff, and others:
Interesting, I figured MFA was only available in combination with a Premium account.
It says so here, and at this page, the following is mentioned:

Starting September 1st 2018, new customers will no longer be able to purchase the standalone Azure Multi-Factor Authentication (MFA) services. Multi-Factor Authentication (MFA) is an important security mechanism and will continue to be available in Azure Active Directory.

My calculation of 37k can be found here: https://azure.com/e/f124521ae5ca43429f1202b153a5a05b
It's a combination of using Premimum P1 with additional costs for enabling MFA.

However, in this calculation I can select the free license and still select MFA! This contradicts the pages above.
Can someone explain?!
Vasil Michev (MVP)Commented:
Go with Mahesh's suggestion and contact your Microsoft TAM or local sales guys, nobody here is qualified to quote licensing costs on behalf of Microsoft. But yes, MFA is only available as part of AAD P1/P2 nowadays, you can no longer use the standalone licensing. There are some additional details/calculations listed here, but best contact Microsoft.
MaheshArchitectCommented:
Free mfa is what you get with O365 subscriptions and its functionality is limited to O365 only
adiemeerAuthor Commented:
Thanks again, I understand I'll need to contact Microsoft for detailed information about license costs.

I've got a rather new question though, maybe I've made a mistake in all of the above.

I've been pointed at this page: https://azure.microsoft.com/en-us/services/active-directory-b2c/
And now I don't know what we need anymore.

Our product aims at about 500 users, which are customers, not users within or related to our company.
We only need to provide them a secure access to the website we're creating for them. That's all, no sharing or interacting with them.

However, our users are known to us. They are employees of a variety of completely different companies, with no link to eachother. For some bigger companies a few employees will get a login, for smaller companies only one user will get a login.

When logged in, we'll have to identify for which company the user is working. That's all we need to know. So we don't want to facilitate logging in by Facebook or Gmail, and we don't want users to be able to register.

Is this still B2C functionality?

The pricelist that goes with the page mentioned looks more in line with the functionality than my posts above. For the numbers mentioned the logging in service would be € 0,026 per authentication as we want MFA to be enabled.
Am I correct in this calculation? Or do these costs come on top of another Azure license that I'm now not aware of?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
multi-factor authentication

From novice to tech pro — start learning today.