License requirements for MDCA

When I read the prerequisite of license requirements in (https://learn.microsoft.com/en-us/defender-cloud-apps/get-started#prerequisites) 

 

"In order for your organization to be in compliance for licensing Microsoft Defender for Cloud Apps, you must obtain a license for every user protected by Microsoft Defender for Cloud Apps."

 

What is the definition of a protected user?

 

If I enable logging from Defender for Endpoint, will that mean all these users need a license, as all their traffic is coming into MDCA? This could be classified as "monitoring". Or will a license only be required if I create an action policy, like a BLOCK or PROTECT policy?

4 Replies
It seems this is a difficult topic. So hopefully somebody can come back about it.

The same counts for Defender for Identity licenses. Not every user in the enterprise will be assigned an E5 license, as we have different types of users. So, can we protect all identities where only a part of the users will have an E5 (others E1 or F1), and some E3?

Hi RVC,
I'm not aware of a way around the licensing. From my experience your users will need to be under an E5 license in order for Defender for Cloud to be used. It has nothing to do with Defender for Endpoint which can be purchased outside of an E5 license.
I'd suggest talking to your Microsoft partner for clarity.

@RVC 

I think you have 2 questions here.

  1. Licensing - "a license for every user protected by Microsoft Defender for Cloud Apps" - this is simply the users who you want to protect/cover under MDA. This includes:
     - Shadow IT discovery (native integration with MDE as optional)
     - Conditional access app control
     - Connected Apps (API)

  2. Integration with Defender for Endpoint - which is a part of the Discovery and Risk Assessment capabilities of MCAS (in short, shadow IT) - "Govern discovered apps using Microsoft Defender for Endpoint | Microsoft Learn". This integration gives 2 options, like monitoring and sanctioning (blocking app). Both need a Microsoft Defender for Cloud Apps license assigned to such users (who need to be protected), because the MDE integration also acts as the log collector storage (how it works).

From a licensing compliance point of view, yes, we should acquire the *requisite* license for all the users we plan to protect.
https://learn.microsoft.com/en-us/defender-for-identity/prerequisites#licensing