Forum Discussion
Licensing - Limit Defender for Identity to certain users
Hi,
I have seen similar questions regarding licensing before, but not this one in particular.
Right now I am working with a client who would like to use Defender for Identity, but only for a certain part of their organization.
From what I can read in the Microsoft Documentation, this should be possible, as long as you take efforts to limit the use to those who have the proper license.
URL: https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-identity
Copied from the above URL:
"How can the service be applied only to users in the tenant who are licensed for the service?
Microsoft Defender for Identity services are currently not capable of limiting capabilities to specific users. Efforts should be taken to limit the service benefits to licensed users."
My question specifically is: what are the correct efforts that Microsoft is mentioning in their documentation that limit the service benefits? Would that be to use "Global excluded entities" and exclude all but those users who have the license applied?
All users are in the same domain, so I am unable to use that feature unfortunately.
If someone has any feedback or information regarding this, I would be really happy to hear about it.
Cheers,
Robin
9 Replies
- Martin_Schvartzman
Microsoft
MDI provides security value (posture, detection, investigation, response, etc.) to the entire organization or domain, rather than providing a specific capability to specific users or groups. As a result, it's not possible to scope the deployment or licensing to just part of the organization. This is actually a good thing, since attackers could come from outside the scope of any given user or group, and MDI needs to be able to detect and prevent such attacks regardless of their origin. By providing security value to the entire organization, MDI helps ensure that the entire organization is protected from a wide range of potential threats.
- Robin_Inderberg, Copper Contributor
Thanks for taking time to respond to my question.
Are you telling me that there is no way of excluding non-licensed users, even though you state the following in the documentation? To me, that sentence sounds like you are opening up to using the feature for a limited number of users. But what makes it hard for us as users / consultants is the fact that Microsoft isn't clearly stating what efforts are valid from their perspective.
"Microsoft Defender for Identity services are currently not capable of limiting capabilities to specific users. Efforts should be taken to limit the service benefits to licensed users."
So we either need to license all users, or disable the feature? Those are the two real options we have to be compliant with Microsoft Licensing, from your knowledge?
- Martin_Schvartzman
Microsoft
I understand why the documentation can be confusing. I'll ask to update it.
Thank you.
- So all your users are licensed with a license that includes the MDI plan? And you want to exclude some users from the detection rules of your MDI?
- Robin_Inderberg, Copper Contributor
Hi elieelkarkafi,
Thanks for your response.
The customers have bought X amount of individual Defender for Identity licenses to cover X amount of users in their organization.
I just want to make sure that we do the correct efforts from a Microsoft perspective to "limit the service benefits" for the rest of the unlicensed users. If that makes any sense?
Best regards,
Robin
Correct, excluding your unlicensed users from MDI will help avoid potential service disruption to your organization, as some tenant services are not currently capable of limiting benefits to specific users. I recommend you exclude the unlicensed users from the detection rules to make sure that this will not affect you in the future, and open a case with the licensing team to make sure that you're covering the scenario as it should be.