Forum Discussion
Microsoft 365 Developer E5 license lacking endpoints and device ON defender portal
Dear Support Team,
I am a microsoft certified trainer (MCT). I currently have a Microsoft 365 Developer E5 license assigned to my tenant. However, I have noticed that my Microsoft Defender portal (security.microsoft.com) is missing several critical features. For example, I cannot see the Endpoints or Devices menus, which is preventing me from implementing and testing Microsoft Defender for Endpoint.
Additionally, my Azure tenant and Microsoft 365 tenant are separate. This has created challenges when configuring security services such as Microsoft Sentinel (SIEM), as certain prerequisites and integrations require configuration through the Microsoft Defender portal. Due to the missing Defender features, I am unable to complete the necessary setup.
I would appreciate your assistance in understanding:
- Why the Endpoints and Devices sections are unavailable in my Defender portal despite having a Microsoft 365 Developer E5 license.
- Whether additional licensing, onboarding steps, or tenant configurations are required to enable Microsoft Defender for Endpoint features.
- How best to integrate or align my separate Azure and Microsoft 365 tenants to support services such as Microsoft Sentinel and Defender XDR.
These issues are significantly impacting my ability to evaluate and implement Microsoft's security solutions. I would appreciate any guidance or recommendations to resolve them.
1 Reply
Cannot see Endpoints/Devices in security.microsoft.com, also wants Sentinel, has separate Azure and M365 tenants.
Your licensing is actually fine, Developer E5 includes Defender for Endpoint Plan 2. The Endpoints and Devices areas look missing for two reasons that catch a lot of people on dev tenants.
One, the Devices list only populates after Defender for Endpoint is provisioned and you have onboarded at least one device. Go to Settings, Endpoints in the Defender portal, the first visit triggers the service to provision (it can take a little while), and then onboard a test Windows 10 or 11 VM using the onboarding script from Settings, Endpoints, Onboarding. With zero devices the section reads as empty, which looks like it is not there. On dev program tenants the MDE workload sometimes also needs that first manual visit to wake up.
Two, Sentinel is the bigger blocker. Sentinel needs an Azure subscription, and the Microsoft 365 Developer program does not include one. That is why you cannot stand it up. You will need to add an Azure subscription (a free trial or pay as you go works) and create a Log Analytics workspace, then enable Sentinel on it and connect Defender XDR with the data connector.
On the two tenants point, that split is exactly what is making this painful, and the unified Defender XDR plus Sentinel experience really wants to live in one tenant. The cleaner path is to add the Azure subscription under the same Entra tenant as your M365 dev tenant rather than keeping Azure in a separate directory. You can associate a subscription to that directory, and then identities, Defender data and Sentinel all line up.
