MAU Billing for B2B Collaboration Guest Users in Workforce Tenant

Question

MAU Billing for B2B Collaboration Guest Users in Workforce Tenant

Maurice Admin 20

Hi ,

I am trying to figure out what license options i have when working with conditional access policies and B2B collaboration guest users. Ans also when assigning Guest users tot a dynamic security group.

Should i have a P1 license for every Guest user of can i use MAU billing and have at least 1 P1 license? (and subsequent licenses for tenant members).

Sridevi Machavarapu 18,220 Reputation points Microsoft External Staff Moderator

2026-01-30T15:31:52.6766667+00:00
Hey Maurice Admin! It sounds like you're trying to get a clearer picture on licensing for B2B collaboration guest users and how it pairs with dynamic security groups in Microsoft Entra. Here’s how it works:

Licensing for Guests: When it comes to B2B collaboration, you can indeed use the Monthly Active Users (MAU) billing model. This model applies specifically to external users who authenticate with their own credentials and have a UserType of Guest. You do not need to assign a separate P1 (Premium P1) license for every guest user. Instead, having at least one P1 license for your tenant (plus any necessary licenses for internal members) should suffice while utilizing the MAU billing option for guest users.

Conditional Access and Dynamic Security Groups: To apply conditional access policies to guest users, the guests themselves do not require a P1 license, but your tenant needs to have the appropriate P1 licenses in place for any features that the policies will enforce. Moreover, you can indeed assign guest users to dynamic security groups based on rules configured in Azure AD.

Here's a summarized view of your options:

Use MAU Billing: You can manage costs effectively, allowing guest users while only needing at least one P1 license for your internal users.

Dynamic Groups: Yes, you can create dynamic groups containing guest users as well, which is useful for managing access rights based on user attributes.

References

Microsoft Entra External ID Pricing

Managing B2B Collaboration

Best Practices for B2B Collaboration

Dynamic Groups Overview

Hope this helps you get started! If you have more questions or need further clarification, feel free to ask!

Note: This content was drafted with the help of an AI system.
Maurice Admin 20 Reputation points

2026-01-30T22:30:17.8+00:00

Hi, thank you for your reply, it is still not clear to me if i am complient with license requirements if i have 1 P1 license en MAU Billing for guest users and apply a conditional access policy to enforce mfa for guest users.
Maurice Admin 20 Reputation points

2026-02-02T11:41:35.5466667+00:00

Is there an overview where i can find which P1, P2 Features are included in MAU Billing for b2b guest users ?
Sridevi Machavarapu 18,220 Reputation points Microsoft External Staff Moderator

2026-02-02T12:09:18.0633333+00:00
Hello Maurice Admin,

There isn’t a single Microsoft document that lists P1/P2 features and shows which ones are covered under MAU for B2B guests.

Microsoft explains this through the External ID pricing and FAQ pages instead. These focus on how external users are billed when they sign in and use access-related features, rather than mapping every P1/P2 feature.

In general:

Conditional Access and MFA for guests are covered under MAU billing.

You don’t need individual P1/P2 licenses for guest users for these features.

Internal users still need P1/P2 licenses.

Some governance features and add-ons have separate licensing.

The most useful references are:

External ID pricing https://learn.microsoft.com/en-us/entra/external-id/external-identities-pricing

External ID FAQ https://learn.microsoft.com/en-us/entra/external-id/customers/faq-customers

Governance licensing https://learn.microsoft.com/en-us/entra/id-governance/microsoft-entra-id-governance-licensing-for-guest-users

Together, these explain what is covered under MAU and what may require extra licensing.

Hope this helps.

Answer accepted by question author

0 additional answers

Your answer

Sridevi Machavarapu 18,220 Reputation points Microsoft External Staff Moderator

2026-01-30T15:31:52.6766667+00:00

Hey Maurice Admin! It sounds like you're trying to get a clearer picture on licensing for B2B collaboration guest users and how it pairs with dynamic security groups in Microsoft Entra. Here’s how it works:

Licensing for Guests: When it comes to B2B collaboration, you can indeed use the Monthly Active Users (MAU) billing model. This model applies specifically to external users who authenticate with their own credentials and have a UserType of Guest. You do not need to assign a separate P1 (Premium P1) license for every guest user. Instead, having at least one P1 license for your tenant (plus any necessary licenses for internal members) should suffice while utilizing the MAU billing option for guest users.

Conditional Access and Dynamic Security Groups: To apply conditional access policies to guest users, the guests themselves do not require a P1 license, but your tenant needs to have the appropriate P1 licenses in place for any features that the policies will enforce. Moreover, you can indeed assign guest users to dynamic security groups based on rules configured in Azure AD.

Here's a summarized view of your options:

Use MAU Billing: You can manage costs effectively, allowing guest users while only needing at least one P1 license for your internal users.

Dynamic Groups: Yes, you can create dynamic groups containing guest users as well, which is useful for managing access rights based on user attributes.

References

Microsoft Entra External ID Pricing

Managing B2B Collaboration

Best Practices for B2B Collaboration

Dynamic Groups Overview

Hope this helps you get started! If you have more questions or need further clarification, feel free to ask!

Note: This content was drafted with the help of an AI system.
Maurice Admin 20 Reputation points

2026-01-30T22:30:17.8+00:00

Hi, thank you for your reply, it is still not clear to me if i am complient with license requirements if i have 1 P1 license en MAU Billing for guest users and apply a conditional access policy to enforce mfa for guest users.
Maurice Admin 20 Reputation points

2026-02-02T11:41:35.5466667+00:00

Is there an overview where i can find which P1, P2 Features are included in MAU Billing for b2b guest users ?
Sridevi Machavarapu 18,220 Reputation points Microsoft External Staff Moderator

2026-02-02T12:09:18.0633333+00:00

Hello Maurice Admin,

There isn’t a single Microsoft document that lists P1/P2 features and shows which ones are covered under MAU for B2B guests.

Microsoft explains this through the External ID pricing and FAQ pages instead. These focus on how external users are billed when they sign in and use access-related features, rather than mapping every P1/P2 feature.

In general:

Conditional Access and MFA for guests are covered under MAU billing.

You don’t need individual P1/P2 licenses for guest users for these features.

Internal users still need P1/P2 licenses.

Some governance features and add-ons have separate licensing.

The most useful references are:

External ID pricing https://learn.microsoft.com/en-us/entra/external-id/external-identities-pricing

External ID FAQ https://learn.microsoft.com/en-us/entra/external-id/customers/faq-customers

Governance licensing https://learn.microsoft.com/en-us/entra/id-governance/microsoft-entra-id-governance-licensing-for-guest-users

Together, these explain what is covered under MAU and what may require extra licensing.

Hope this helps.

Answer 1

Hello Maurice Admin,

Yes, this setup can be compliant with 1 P1 license plus MAU billing for guests, provided a few conditions are met.

B2B guest users are covered under MAU billing, including when you apply Conditional Access and enforce MFA. They do not need individual P1 licenses.

Internal users who create or manage Conditional Access policies must be covered by P1. If only one admin is using these features, one P1 license is sufficient.

Dynamic security groups are a P1 feature. Microsoft requires that your tenant owns enough P1 licenses to cover all unique users in those groups. The licenses don’t need to be assigned directly, but the total count must be sufficient. This may include guests if they are members.

In summary:

Guests are covered by MAU
Members need P1
Dynamic groups require enough total P1 licenses
Conditional Access with MFA for guests is supported

If your tenant meets these points, your current licensing approach should be compliant.

Sridevi Machavarapu 18,220 Reputation points Microsoft External Staff Moderator

2026-02-02T12:10:23.09+00:00

Hello Maurice Admin,

If all your concerns are resolved, please click on to close this question.

Share via

MAU Billing for B2B Collaboration Guest Users in Workforce Tenant

References

0 additional answers

Your answer