Forum Discussion
Licensing - Limit Defender for Identity to certain users
Correct, excluding your unlicensed users from MDI will help avoid potential service disruption to your organization as Some tenant services are not currently capable of limiting benefits to specific users. I recommend you to exclude the unlicensed users from the detection rules to make sure that this will not affect you in the future, open a case with the licensing team to make sure that you're covering the scenario as it should be.
Thanks for taking time to respond to my question.
Are you telling me that there is no way of excluding non licensensed users, even though you state the following in the documentation? To me, that sentence sounds like you are opening up to use the feature for a limited amount of users. But what makes it hard for us as users / consultants is the fact that Microsoft isn't clearly stating what efforts are valid from their perspective.
"Microsoft Defender for Identity services are currently not capable of limiting capabilities to specific users. Efforts should be taken to limit the service benefits to licensed users."
So we either need to license all users, or disable the feature? That are the two real options we have to be compliant with Microsoft Licensing from your knowledge?
MicrosoftI understand why the documentation can be confusing. I'll ask to update it.
Thank you.
- Hi Martin,
I just got an update from Microsoft support.
The information I got is that the only way to properly limit the service benefits, is to move the users that should have MDI to a separate tennant.
I asked multiple times if this is the only way, which they said it was.
It would be highly appreciated if this information is stated in the documentation, as this makes it fairly complicated to be compliant in this scenario. If not impossible in real life scenarios.
Cheers.- Martin_Schvartzman
I agree, it is not really a valid solution in real life. I'll discuss this with the support teams.
Thank you for the feedback.