What licences do I need for compliance?
This question can be a little tricky to answer, so let's break it down into manageable sections.
What Is a Licence?
In platforms like Microsoft 365 or Google Workspace, a licence refers to a subscription assigned to a user that grants access to specific tools, features, and security capabilities.
Each licence type (e.g. Microsoft Business Basic, Google Workspace Business Plus) offers a different level of functionality. Licences are typically managed through an admin console, where they can be assigned, modified, or removed as needed.
How Does It Impact Compliance?
Your licence type directly affects which security features are available to your organisation. Many compliance standards—such as Cyber Essentials, ISO 27001, or SOC 2—require specific security controls that may only be available with higher-tier licences.
As an example, Microsoft’s Conditional Access, a feature used to enforce multi-factor authentication, restrict access based on device compliance, or block risky logins. is required for Cyber Essentials and ISO 27001 compliance. However, it’s only available with Azure AD Premium P1 or P2 licences. If your organisation uses basic licence types, you won’t be able to implement this feature, resulting in a compliance gap.
How Does This Affect the OneClickComply Platform?
The OneClickComply platform scans your entire tenancy and flags any settings or controls that don’t meet the requirements of your selected standard. If your business doesn’t have the correct licences, the platform won’t be able to remediate those settings automatically.
You can outscope tasks that don’t apply to your current licence tier. However, keep in mind that the more tasks you outscope, the less aligned your organisation will be with the full requirements of your chosen compliance standard. Outscoping aspects of a standard is perfectly normal, however too much outscoping could cause an auditor to question your overall approach to security.
There’s no single answer to this question—it depends on the standard you're aiming to comply with and the licences currently in use across your organisation.
We recommend starting by:
Identifying your current licence types (e.g. Microsoft Business Standard, Google Workspace Business Plus).
Reviewing the security requirements of your chosen compliance standard.
Comparing the two to determine whether your current licences provide access to the required security features and controls.
If you find that certain essential features are unavailable under your current licence tier, you may need to upgrade to meet the compliance requirements.
If you’re unsure where to start or want guidance specific to your setup, please reach out to the OneClickComply support team. We’ll work with you to assess your needs and help determine the best next steps.
What Is a Licence?
In platforms like Microsoft 365 or Google Workspace, a licence refers to a subscription assigned to a user that grants access to specific tools, features, and security capabilities.
Each licence type (e.g. Microsoft Business Basic, Google Workspace Business Plus) offers a different level of functionality. Licences are typically managed through an admin console, where they can be assigned, modified, or removed as needed.
How Does It Impact Compliance?
Your licence type directly affects which security features are available to your organisation. Many compliance standards—such as Cyber Essentials, ISO 27001, or SOC 2—require specific security controls that may only be available with higher-tier licences.
As an example, Microsoft’s Conditional Access, a feature used to enforce multi-factor authentication, restrict access based on device compliance, or block risky logins. is required for Cyber Essentials and ISO 27001 compliance. However, it’s only available with Azure AD Premium P1 or P2 licences. If your organisation uses basic licence types, you won’t be able to implement this feature, resulting in a compliance gap.
How Does This Affect the OneClickComply Platform?
The OneClickComply platform scans your entire tenancy and flags any settings or controls that don’t meet the requirements of your selected standard. If your business doesn’t have the correct licences, the platform won’t be able to remediate those settings automatically.
You can outscope tasks that don’t apply to your current licence tier. However, keep in mind that the more tasks you outscope, the less aligned your organisation will be with the full requirements of your chosen compliance standard. Outscoping aspects of a standard is perfectly normal, however too much outscoping could cause an auditor to question your overall approach to security.
What licences do you need?
There’s no single answer to this question—it depends on the standard you're aiming to comply with and the licences currently in use across your organisation.
We recommend starting by:
Identifying your current licence types (e.g. Microsoft Business Standard, Google Workspace Business Plus).
Reviewing the security requirements of your chosen compliance standard.
Comparing the two to determine whether your current licences provide access to the required security features and controls.
If you find that certain essential features are unavailable under your current licence tier, you may need to upgrade to meet the compliance requirements.
If you’re unsure where to start or want guidance specific to your setup, please reach out to the OneClickComply support team. We’ll work with you to assess your needs and help determine the best next steps.
Updated on: 09/04/2025
Thank you!