Forum Discussion
Auto-apply labels in Security and Compliance Center
Tell me, why can a tenant with an E3 license subscription create a policy to Auto-Apply a label in the Security and Compliance center when auto-applying labels is only a feature available to E5 tenants? Now I have a tenant who thought they would be able to find out how much PCI/PII data is being stored on OneDrive and SharePoint, when in fact they cannot because they don't have E5 licenses. They have A3 (E3 for educators essentially) licenses. The auto-apply policy could be created and deployed, but it's not doing a darn thing useful.
8 Replies
Microsoft is usually not enforcing licensing requirements for features, and yes, it's annoying at times. Even more annoying is that some features get enabled by default even when they depend on the license/SKU, but despite how many times we have brought this up, we haven't seen any results.
So you're saying it could work even with an E3 license because it may not be enforced? That's almost worse.
I'm speaking in general terms here, but yes, there are many examples of functionalities that will work even when you have not applied the corresponding license. A basic example is being able to access SPO without a license - everyone in the organization can do so (unless restricted by the site permissions). What's worse is that you can still be flagged for license violations...
This is something you see from time to time fairly commonly.
I will give you my own thoughts on it, please keep in mind I am not affiliated with Microsoft in anyway, but rather just someone who has heavily used O365 for the last 5 years.
I think it is ultimately two factors that lead to this.
1. It was coded that way in development: When the product was being put together/built, the focus is on getting the technology and the features to work and apply correctly. That is where the original effort gets put in. Limitations, specifically licensing ones are not in the original phases of development, but are added in later as the service/feature is built on.
Microsoft has a long history of this. Some other examples: There was no auditing on flow runs forever, even though limiting O365 Group creation was a premium feature you could still create it, Other premium group features were accessible to everyone through Azure AD regardless of your licensing, etc etc.
They develop the technology and get it to work, but dont provide the limitations around it (either in effect, or in your case by disclaimers/limitations to the admin functionality). Luckily they eventually get around to adding stuff like this normally. However I guarantee you will see more of it in the future.
2. They kind of want to show your clients this feature. Lets be honest, this is how allot of the security and compliance center has been since it became the security and compliance center. They show you all the bells and whistles, and what you can do, as they want clients to explore and see the power of them, but they do limit them behind licenses. They are a subscription based service. They want you client to know about labels, and that they can do powerful things like PCI compliance reporting. Now your client has that knowledge they did not before, and it is a business decision on their side if they make it or not.
Think about something like the secure score, that thing is FULL of e5 features and advanced options that are additional licensing.
Kind of annoying as a consultant I know, but I dont necessarily see them changing away from this anytime soon.
Adam
Thanks for the reply Adam. I understand wanting to showcase the bells and whistles and such. I also think that if they are going to display these features regardless of what license is actually in a Tenant, some warning around it wouldn't be amiss. For instance, when an admin clicks on auto-apply, a small pop-up that says "this feature requires an E5 license, do you want to continue" wouldn't be terribly challenging. And it could pop up regardless of the license in the Tenant (so even if you have an E5, you would see the pop-up - then it's less logic around the pop-up). If you're going to showcase the bells and whistles, let users know what they are actually capable of using.
Just my two cents - and it's not worth much more than that.
