Azure licenses EMS E5 and P1

Does anyone know Azure licenses features EMS E5 vs. P1 license.  Seems they are offering same options.

Also, would it make sense to have a chunk of users of one license and the rest on another.  It would be hard to manage I think.  

Cliff GaliherCommented:
I think you are mixing apples and oranges.  To my knowledge, there is no EMS P1 plan.  There is *only* EMS (or EM+S as Microsoft has recently been calling it) E3 and E5 plans.

There are other components that have P1 plans, such as Azure AD or Azure Information Protection (AIP), but you specifically said EMS.

And no, neither of those offer the same options  Azure AD P1 only turns on some features in Azure AD.

EM+S E3 *includes* Azure AD P1 *and* AIP P1 *and* Intune.  So its quite a but more than any of the other products' P1 plans standalone.

And yes, there are certainly scenarios where I can see having some users on EMS and others on different plans.  It really depends on the user and the organization.

Tiras25Author Commented:
Thanks Cliff.  Currently we need Azure AD feature.  That is available on the P1 license.  Wonder if I should put all the users on P1 and once some users start needing ti use intune, mobile device management, and other features, upgrade to EMS E5.   P1 is much cheaper.

Also is it easy to manage AAD with different license platforms or better to have all on one to avoid the confusion during the deployment and management?
Cliff GaliherCommented:
I also forgot to mention that when looking at E5 plans, they contain AAD and AIP P2 plans, not P1 plans, which are more feature complete.  But EM+S E5 is still a bundle of multiple other things, so is not comparable to standalone P2 plans either.  It is more than the sum of its parts.
Cliff GaliherCommented:
Whether it is hard to manage users on different AAD plans really depends on how stringent your onboarding and management process is and how many resources you can dedicate to managing that, vs the cost of  the plan differences.  And there are the organizational reasons why you may want/need P1, so given I don't know those factors, I can't say what is best for you.

You want Self Service Password Reset? That's a P1 feature.  Would a tech spend a lot of time troubleshooting what a user cannot reset their password, only to later find out that they only has a Free AAD license or an O365 AAD license, which does not have SSPR?  Probably worth putting them on P1.

Have a coffee shop with a ton of cashiers that need to sign into the cloud-based cashier station, but are not mobile, have no need for SSPR, MFA, or other P1 features?  There may be enough employees that the cost savings of only giving P1 to management makes sense.

...two vastly different scenarios that could justify two different outcomes.  I've done planning for both kinds of environments.  So it *Really* depends on the business need.  Managing different licenses isn't overly hard with well defined roles and processes, But the cost of doing so can outweigh the savings in licenses in certain circumstances.
Tiras25Author Commented:
Got it.  Thank you!
 Currently we have 3rd of the users on EMS E5.  Company grew. The rest ~70% aren't on any licenses.  So pondering if I should just get P1 (stand alone p1) for the rest.  Once users start needing to use Intune, mobile device management, and other features offered by the EMS E5 license we can upgrade the P1s to EMS E5 or, or substitute them for the existing EMS E5 licenses.  
But just thinking if that would be a big mess during the deployment to have users on diff license platforms.
Tiras25Author Commented:
Wait, so P1 include SSPR but EMS E5 doesn't?  I need that feature and MFA as well going forward.
Cliff GaliherCommented:
Not sure where you got that impression.

EMS E5 plans includes AAD P2.  AAD P2 plans have all of AAD P1 features + more.   SSPR and MFA are both in AAD P1.

So SSPR and MFA are also in P2, as P2 is a superset of P1.

And SSPR and MFA are in EMS E5, as that includes AAD P2.  

Its in there, and I don't think I said anything that implies otherwise.

There is probably merit to having some users on P1 and others on EMS as they need more (MDM or MAM being the most likely drivers, though AIP could also be a deciding factor.)   The complexity of managing users on both is going to exist, but is not usually overbearing.
