Azure Active Directory (MFA) license costs

adiemeer
adiemeer used Ask the Experts™
on
Our company is working on a webapplication that holds privacy-sensitive data.
Therefor we're looking for an appropriate way to secure it.
We're thinking of using Azure Active Directory, and are looking at the price information: https://azure.microsoft.com/pricing/details/active-directory/

As we want multi-factor authentication, we need edition Premium P1 at least. To enable MFA, additional costs are needed.
We're aiming at about 500 users for our application.

If I'm correct (and I hope I'm not), this would mean a yearly license fee of about € 37500.
For 500 users, that seems like a lot! It would we well above the license fee we're thinking of for the use of the application itself.

What am I missing here?
- Do we get more than we need with this solution?
- Is my calculation incorrect? (What is most of the 500 users allready use AAD in their own environment? How does the billing work?)
- Or is this just what it costs you to provide a safe and secure solution?
- Or are there any other cheaper solutions?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Architect
Distinguished Expert 2018
Commented:
Contact Microsoft licensing website or if you have Microsoft TAM or you can contact Microsoft distributors to identify costs including discounts support etc
Distinguished Expert 2018

Commented:
I came to ~30420, not 37k.  But yes, you'd be in around that range depending on the number of users.  

With that said, if you only want MFA, you can pay for that individually.

https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/

Look at what comes with P1, and if you won't be using those features, you may be able to get away with Free+MFA or Basic+MFA for less.
kevinhsiehNetwork Engineer

Commented:
I use Azure MFA since before it was bought by Microsoft. We have it individually. You can pay either per provisioned user, or per authentication. We have many more potential users than actual users, we we pay per use. There can very well be other less expensive options.

I suspect that typing your application to any type of Active Directory doesn't make much sense for users outside your organization.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Thanks for your reactions!

@Mahesh: Thanks, I will check

@kevinhsieh: what do you mean with your last line? Our webapplication is targeting directly at users outside our organization. Are you saying AD is not meant for that?

@Cliff, and others:
Interesting, I figured MFA was only available in combination with a Premium account.
It says so here, and at this page, the following is mentioned:

Starting September 1st 2018, new customers will no longer be able to purchase the standalone Azure Multi-Factor Authentication (MFA) services. Multi-Factor Authentication (MFA) is an important security mechanism and will continue to be available in Azure Active Directory.

My calculation of 37k can be found here: https://azure.com/e/f124521ae5ca43429f1202b153a5a05b
It's a combination of using Premimum P1 with additional costs for enabling MFA.

However, in this calculation I can select the free license and still select MFA! This contradicts the pages above.
Can someone explain?!
Most Valuable Expert 2015
Distinguished Expert 2018
Commented:
Go with Mahesh's suggestion and contact your Microsoft TAM or local sales guys, nobody here is qualified to quote licensing costs on behalf of Microsoft. But yes, MFA is only available as part of AAD P1/P2 nowadays, you can no longer use the standalone licensing. There are some additional details/calculations listed here, but best contact Microsoft.
MaheshArchitect
Distinguished Expert 2018
Commented:
Free mfa is what you get with O365 subscriptions and its functionality is limited to O365 only

Author

Commented:
Thanks again, I understand I'll need to contact Microsoft for detailed information about license costs.

I've got a rather new question though, maybe I've made a mistake in all of the above.

I've been pointed at this page: https://azure.microsoft.com/en-us/services/active-directory-b2c/
And now I don't know what we need anymore.

Our product aims at about 500 users, which are customers, not users within or related to our company.
We only need to provide them a secure access to the website we're creating for them. That's all, no sharing or interacting with them.

However, our users are known to us. They are employees of a variety of completely different companies, with no link to eachother. For some bigger companies a few employees will get a login, for smaller companies only one user will get a login.

When logged in, we'll have to identify for which company the user is working. That's all we need to know. So we don't want to facilitate logging in by Facebook or Gmail, and we don't want users to be able to register.

Is this still B2C functionality?

The pricelist that goes with the page mentioned looks more in line with the functionality than my posts above. For the numbers mentioned the logging in service would be € 0,026 per authentication as we want MFA to be enabled.
Am I correct in this calculation? Or do these costs come on top of another Azure license that I'm now not aware of?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial