Tag: P2

Microsoft Entra ID P2 Access Reviews: A Critical Evaluation for SMB Customers in Australia

Another article generated by Copilot Research agent using Claude.

——————————————————–

Executive Summary

Microsoft Entra ID P2 Access Reviews are sophisticated identity governance tools designed primarily for enterprise scenarios. While they offer robust capabilities for managing user access at scale, their practical value for Australian SMBs is limited and often doesn’t justify the additional AU$13.50 per user per month cost beyond Microsoft 365 Business Premium. [1] [2]

Most SMBs can achieve adequate security and governance through simpler, more cost-effective methods unless they face specific regulatory compliance requirements or manage highly sensitive data. The complexity and cost of implementation typically outweigh the benefits for businesses with fewer than 100 users.

 

What Are Entra ID P2 Access Reviews?

Core Functionality

Access Reviews in Microsoft Entra ID enable organisations to efficiently manage group memberships, access to enterprise applications, and role assignments through regular certification processes. [1] The feature allows businesses to:

  • Schedule regular reviews of who has access to specific resources
  • Delegate review responsibilities to appropriate stakeholders (managers, resource owners, or users themselves)
  • Automate access removal based on review outcomes
  • Generate compliance reports for audit purposes
  • Implement time-limited access with automatic expiration
Key Components

Access Reviews operate through several integrated components:

  1. Review Scope: Define which users and resources to review [3]
  2. Reviewers: Designated individuals who approve or deny access
  3. Review Frequency: Weekly, monthly, quarterly, or annual cycles
  4. Automated Actions: Remove access for denied users automatically
  5. Smart Recommendations: AI-driven suggestions based on user activity patterns

 

Step-by-Step Setup Guide for Small Businesses

Prerequisites

Before implementing Access Reviews, SMBs must ensure:

  • Licensing: Microsoft Entra ID P2 or Entra ID Governance licenses [4] [5]
  • Administrative Access: Identity Governance Administrator role minimum
  • Application Integration: Resources must be integrated with Entra ID
Implementation Process

Detailed Setup Steps:

  1. Sign in to Microsoft Entra admin centre as an Identity Governance Administrator [3]


  2. Navigate to ID Governance > Access Reviews

    • Select “New access review” to begin configuration

  3. Define Review Scope [3]

    • Choose between Teams + Groups or Applications
    • Select specific resources or all Microsoft 365 groups with guest users
    • Determine user scope (everyone, guests only, or inactive users)

  4. Configure Reviewers [3]

    • Group owners (recommended for SMBs)
    • Selected users or groups
    • Users review their own access
    • Managers of users
    • Set fallback reviewers for orphaned accounts

  5. Set Recurrence [3]

    • Duration: How long reviewers have to complete (typically 14-30 days)
    • Start date and frequency
    • End date or number of occurrences

  6. Configure Settings

    • Auto-apply results to resources
    • Email notifications and reminders
    • Justification requirements
    • Decision helpers and recommendations

 

Benefits for SMBs: An Honest Assessment

Genuine Benefits

Where Access Reviews genuinely add value for SMBs: [6]

  1. Regulatory Compliance: Industries with strict compliance requirements (healthcare, finance, legal) benefit from automated documentation
  2. External Collaboration: Businesses with numerous external partners or contractors gain better control
  3. Distributed Management: Companies with multiple locations or departments can delegate access decisions
  4. Risk Reduction: Automated removal of stale access reduces security exposure
Reality Check: Limitations for SMBs

Critical considerations that diminish value for small businesses:

  1. Cost vs Benefit:

    • AU$13.50 per user per month adds AU$162 annually per user [2]
    • For 20 users: AU$3,240/year additional cost
    • For 50 users: AU$8,100/year additional cost

  2. Complexity Overhead: [4]

    • Requires understanding of multiple stakeholder roles
    • Complex initial setup and ongoing maintenance
    • Training requirements for reviewers

  3. Limited Applicability:

    • Most SMBs have simple, stable access patterns
    • Manual quarterly reviews often sufficient for small teams
    • Limited integration with SMB-focused applications

  4. Licensing Confusion:

    • Microsoft 365 Business Premium includes only Entra ID P1 [7] [8]
    • Access Reviews require P2, creating additional licensing complexity
    • Reviewers also need P2 licenses, not just administrators [5]

 

Entitlement Management: Overkill for Most SMBs?

What Is Entitlement Management?

Entitlement management enables organisations to manage identity and access lifecycle at scale through access packages – bundles of resources users need for specific roles or projects. [9]

The SMB Verdict on Entitlement Management

Entitlement management is almost certainly overkill for SMBs under 100 users. Here’s why: [9]


  1. Designed for Scale: The feature addresses problems that emerge at enterprise scale – hundreds or thousands of users across multiple departments


  2. Overhead vs Value:

    • Requires significant upfront design and configuration
    • Ongoing maintenance of access packages
    • Complex approval chains unnecessary in flat SMB structures

  3. Simpler Alternatives Work:

    • Direct group assignments sufficient for most SMBs
    • SharePoint/Teams permissions handle project-based access
    • Manual onboarding/offboarding manageable at small scale

  4. Real-World SMB Scenarios:

    • 10-20 employees: Owner knows everyone; manual management works fine
    • 20-50 employees: Simple group-based access with quarterly manual reviews
    • 50-100 employees: Consider basic automation but full entitlement management rarely justified

 

Pricing Analysis for Australian SMBs

Cost Breakdown

Microsoft 365 Business Premium (approximately AU$39.60/user/month) includes: [10]

  • Entra ID P1 (formerly Azure AD Premium P1)
  • Conditional Access
  • Multi-factor authentication
  • Self-service password reset
  • Basic identity protection

To get Access Reviews, you need Entra ID P2 at AU$13.50/user/month additional, which includes: [2]

  • Everything in P1
  • Access Reviews
  • Privileged Identity Management (PIM)
  • Identity Protection with risk-based policies
  • Entitlement management
Total Cost Comparison (Annual, excluding GST)
UsersBusiness Premium OnlyBusiness Premium + P2Additional Cost
10AU$4,752AU$6,372AU$1,620
20AU$9,504AU$12,744AU$3,240
50AU$23,760AU$31,860AU$8,100
100AU$47,520AU$63,720AU$16,200

Note: Prices shown do not include GST. Add 10% for GST-inclusive pricing.

 

Practical Recommendations for SMBs

When Access Reviews Make Sense

Alternative Approaches for Most SMBs

Instead of Access Reviews, consider these more practical approaches: [8]

  1. Quarterly Manual Reviews:

    • Export user lists from Microsoft 365 admin centre
    • Review with department heads
    • Document decisions in SharePoint/Excel
    • Cost: Staff time only

  2. Leverage Business Premium Features:

    • Use Conditional Access for location/device-based controls
    • Implement MFA for all users
    • Configure automatic account disabling for inactive users
    • Monitor sign-in logs regularly

  3. Simple Governance Process:

    • Standardise onboarding/offboarding checklists
    • Use Microsoft Forms for access requests
    • Power Automate for basic approval workflows
    • Regular security awareness training

  4. Focus on Fundamentals:

    • Strong password policies
    • Least privilege principle
    • Regular security updates
    • Data loss prevention policies
    • Email security (already included in Business Premium)

 

The Bottom Line for Australian SMBs

Key Takeaways

Access Reviews and entitlement management are powerful enterprise features that rarely justify their cost and complexity for SMBs under 100 users. The additional AU$13.50 per user per month represents a 34% increase over Microsoft 365 Business Premium pricing, which already includes substantial security features.

Final Verdict

For the vast majority of Australian SMBs, Entra ID P2 Access Reviews represent an expensive solution to problems they don’t actually have. The features are well-designed and powerful, but they address enterprise-scale challenges around distributed governance, compliance automation, and managing thousands of access relationships.

Small businesses are better served by:

  • Maximising the value from Microsoft 365 Business Premium’s included features
  • Implementing simple, documented manual review processes
  • Focusing security investments on user training and basic controls
  • Considering P2 only when specific compliance requirements demand it

The money saved by avoiding unnecessary P2 licensing could be better invested in security awareness training, backup solutions, or managed security services that provide more tangible benefits for small business risk profiles.

References

[1] What are access reviews? – Microsoft Entra – Microsoft Entra ID Governance | Microsoft Learn

[2] Microsoft Entra Plans and Pricing | Microsoft Security

[3] Create an access review of groups and applications – Microsoft Entra ID Governance | Microsoft Learn

[4] Preparing for an access review of users’ access to an application – Microsoft Entra ID Governance | Microsoft Learn

[5] Who needs P2 license for Access Reviews? Creator? Reviewer? Reviewees? – Microsoft Q&A

[6] Plan a Microsoft Entra access reviews deployment – Microsoft Entra ID Governance | Microsoft Learn

[7] Microsoft 365 Business Premium Licensing question – Microsoft Q&A

[8] Securing Microsoft 365 Copilot in a Small Business Environment

[9] What is entitlement management? – Microsoft Entra ID Governance | Microsoft Learn

[10] Modern-Work-Plan-Comparison-SMB

Microsoft Entra ID P2 Entitlement Management: An Honest Assessment for SMBs

I used Claude with Copilot Researcher agent to generate this report. Provides an idea of the type and quality of the output.

———————————————

Executive Summary

Microsoft Entra ID P2 Entitlement Management is an advanced identity governance feature designed for managing identity and access lifecycle at scale [1]. Whilst powerful for large enterprises, the reality for SMBs is more nuanced. This report provides a candid assessment based on current market analysis and practical considerations for small businesses with 50-300 employees.

The bottom line: For most SMBs, the £32,400 annual investment (for 300 users) in Entra ID P2 solely for entitlement management features represents poor value when compared to alternatives like Microsoft 365 Business Premium (which includes Entra ID P1) or competing solutions from vendors like Okta and JumpCloud.

What is Entitlement Management?

Core Capabilities

Entitlement management introduces the concept of access packages – bundles of all resources with the access a user needs to work on a project or perform their task [1]. Key features include:

  • Multi-stage approval workflows for access requests [1]
  • Time-limited assignments that automatically expire [1]
  • Automatic user provisioning based on properties like department or cost centre [1]
  • External user management for partners and vendors [1]
  • Access reviews to ensure users don’t retain unnecessary access [1]
  • Delegated administration allowing non-IT staff to manage access for their departments [1]
Use Cases Microsoft Highlights

The platform addresses scenarios such as:

  • Users might not know what access they should have [1]
  • Users holding onto access longer than required for business purposes [1]
  • Managing external users from supply chain organisations or business partners [1]
  • Departments managing their own access policies without IT involvement [1]

Cost Analysis for SMBs

Entra ID P2 Pricing

£9/user/month

£108 per user annually

300-User Organisation

£32,400/year

Just for identity governance

Business Premium

£22/user/month

Includes productivity + security + Entra P1

Licensing Breakdown

According to Microsoft’s official pricing [2][3]:

Monthly Cost Annual Cost (300 users) What’s Included
Entra ID P2 standalone £9/user £32,400 Identity governance, PIM, advanced protection
Entra ID Governance add-on £7/user (requires P1/P2) £25,200 Entitlement management features only
M365 Business Premium £22/user £79,200 Full productivity suite + Entra P1 + Defender
Business Standard + Entra P1 £18.50/user £66,600 Productivity + basic identity management

Hidden Costs Often Overlooked

Beyond licensing, SMBs must consider:

  1. Implementation complexity: Initial setup can require significant IT resources or consultant fees [3]
  2. Training requirements: Staff need education on managing access packages and policies
  • Ongoing administration: Someone must regularly review and update access packages
  • Integration effort: Connecting all applications and resources to the system
    • Includes essential security: Defender for Business, Safe Links, Safe Attachments
    • Provides device management: Intune for policy enforcement across all devices
    • Offers data protection: Azure Information Protection for sensitive files
    • Simplifies licensing: One license for all users eliminates confusion
    • Enables cloud-first operations: Critical for businesses without on-premises servers [4]The reality: The cost of Microsoft Entra ID can escalate significantly, especially with the need for advanced features or for companies managing a large user base [3][3].

      Implementation Guide for SMBs

      • Phase 1: Prerequisites (Week 1-2)

        Ensure Entra ID P2 licensing and admin access

      • Phase 2: Catalog Creation (Week 3)

        Set up resource catalogs and define owners

      • Phase 3: Access Packages (Week 4-5)

        Create packages bundling resources for common roles

      • Phase 4: Policy Definition (Week 6-7)

        Configure approval workflows and time limits

      • Phase 5: Testing & Rollout (Week 8-10)

        Pilot with select departments before full deployment

      Step-by-Step Setup Process
      1. Enable Entitlement Management
      • Navigate to Microsoft Entra admin centre
      • Enable the entitlement management feature
      • Assign initial administrators
      2. Create Catalogs [1]
      • Establish containers for related resources
      • Designate catalog owners from business units
      • Define delegation permissions
      3. Add Resources to Catalogs
      • Microsoft Entra security groups [1]
      • Microsoft 365 Groups and Teams [1]
      • Enterprise applications (SaaS and custom) [1]
      • SharePoint Online sites [1]
      4. Design Access Packages [1]
      • Bundle resources needed for specific job functions
      • Create packages for common scenarios (new employee, contractor, project team)
      • Define resource roles within each package
      5. Configure Policies [1]
      • Set eligible requestors (internal users or partner organisations)
      • Define approval processes and approvers
      • Establish access duration and renewal requirements
      • Configure automatic assignment rules based on user attributes
      6. Test and Deploy
      • Run pilot with IT department
      • Gather feedback and refine packages
      • Roll out department by department
      • Monitor usage and adjust as needed
      Time and Resource Requirements

      For a 100-person SMB, expect:

      • Initial setup: 4-6 weeks with dedicated IT resource
      • Ongoing maintenance: 5-10 hours monthly
      • User training: 2-4 hours per department

      The Honest Truth: Is It Worth It for SMBs?

      ✅ When It Makes Sense

      Heavy compliance requirements, complex partner ecosystems, frequent staff changes, or multi-organisation collaboration needs

      ❌ When It’s Overkill

      Stable workforce, simple org structure, limited external collaboration, or existing solutions working well

      Where Entitlement Management Adds Value

      Legitimate use cases for SMBs include:

      1. Heavily regulated industries (healthcare, finance) requiring detailed access audit trails [1]
      2. High staff turnover scenarios where automation saves significant time
      3. Complex partner relationships with multiple external organisations needing controlled access [1]
      4. Project-based businesses with frequently changing team compositions [1]
      5. Compliance requirements demanding regular access reviews and certifications
      Where It’s Unnecessary Complexity

      For most SMBs, entitlement management is overkill because:

      1. Microsoft 365 Business Premium is sufficient: At £22/user/month, it includes Entra ID P1 with Conditional Access, MFA, and basic identity management – enough for most SMBs [4][4]
      2. Simpler alternatives exist: Solutions like JumpCloud offer all-in-one platforms for SSO, directory services, and device management at more SMB-friendly price points [5][5]
      3. Limited IT resources: Small businesses often lack dedicated identity governance teams. The initial setup learning curve can be steep [3]
      4. Manual processes work fine: For organisations under 150 users, manual access management with good documentation often suffices
      5. Business Premium provides essential security: Including Safe Links, Safe Attachments, Azure Information Protection, and Intune device management [4]
      Real-World Perspective

      According to recent market analysis, mid-sized companies (100-750 employees) with hybrid workforces often find better value in unified platforms like JumpCloud that combine identity and device management [5]. Even Okta, whilst potentially expensive at scale, offers 7,000+ pre-built app integrations with faster deployment than complex governance systems [5][5].

      The harsh reality: Microsoft Entra ID documentation can occasionally lag behind the rapid pace of feature updates, making implementation challenging for resource-constrained IT teams [3].

      Alternative Solutions Comparison

      Detailed Comparison Table
      Solution Best For Monthly Cost (100 users) Key Advantages Main Limitations
      M365 Business Premium Microsoft-centric SMBs £2,200 Integrated suite, includes productivity tools, Defender for Business Limited to 300 users
      JumpCloud Hybrid IT environments £800-1,200 Cross-platform support, device + identity management Lacks deeper governance features
      Okta SaaS-heavy organisations £1,200-1,800 7,000+ integrations, fast deployment Can get expensive at scale
      OneLogin Cloud-first SMBs £900-1,500 SmartFactor Authentication, AI-driven security Limited device management
      Why Business Premium Usually Wins

      For SMBs already in the Microsoft ecosystem, Business Premium at £22/user/month delivers better value than standalone Entra P2 because [4]:

    Recommendations by Business Size

    Decision Framework

    Ask these questions before investing in Entra P2:

    1. Do you have dedicated IT staff for identity governance? If no, the complexity isn’t worth it.
    2. Are you in a heavily regulated industry? If yes, the audit and compliance features may justify the cost.
    3. Do you frequently onboard/offboard contractors or partners? If yes, automation could save significant time.
    4. Is your organisation structure simple and stable? If yes, manual processes with Business Premium suffice.
    5. Are you already struggling with your current identity management? If no, don’t add complexity for complexity’s sake.

    Final Verdict

    The Bottom Line

    Microsoft Entra ID P2 Entitlement Management is a powerful tool solving real problems – just not problems most SMBs actually have. The complexity, cost, and administrative overhead rarely justify the investment for organisations under 300 users.

    For 95% of SMBs, the path forward is clear:

    1. Start with Microsoft 365 Business Premium (£22/user/month) for integrated security and productivity
    2. Implement the basics well: MFA, Conditional Access, device management via Intune
    3. Use simple processes: Document access procedures, regular reviews, clear onboarding/offboarding
    4. Reassess at growth milestones: Consider advanced governance only when complexity genuinely demands it

    Remember: Adding complexity doesn’t automatically mean adding security. A well-implemented, simple identity management system beats a poorly maintained complex one every time. For most SMBs, Business Premium provides the right balance of security, usability, and value [4].

    When to Reconsider

    Revisit the Entra P2 decision when:

    • Your organisation exceeds 300 users
    • You enter heavily regulated markets
    • External collaboration becomes core to your business
    • Manual processes consume more than 20 hours monthly
    • Audit failures highlight governance gaps

    Until then, invest in getting the basics right rather than adding advanced features you won’t fully utilise. Your budget, IT team, and users will thank you.

    References

    [1] What is entitlement management? – Microsoft Entra ID Governance | Microsoft Learn

    [2] Microsoft Entra Plans and Pricing | Microsoft Security

    [3] Microsoft Entra ID Review 2025: Key Features, Pricing & Alternatives

    [4] 365 Business Premium vs Business Standard & Entra ID P1

    [5] Top 10 IAM Solutions for Mid-size Companies (2025)