Forum Discussion
Licensing - Limit Defender for Identity to certain users
Correct, excluding your unlicensed users from MDI will help avoid potential service disruption to your organization as Some tenant services are not currently capable of limiting benefits to specific users. I recommend you to exclude the unlicensed users from the detection rules to make sure that this will not affect you in the future, open a case with the licensing team to make sure that you're covering the scenario as it should be.
MicrosoftMDI provides security value (posture, detection, investigation, response, etc.) to the entire organization or domain, rather than provide a specific capability to specific users or groups. As a result, it's not possible to scope the deployment or licensing to just part of the organization. This is actually a good thing, since attackers could come from outside the scope of any given user or group, and MDI needs to be able to detect and prevent such attacks regardless of their origin. By providing security value to the entire organization, MDI helps ensure that the entire organization is protected from a wide range of potential threats.