SOLVED

Microsoft Defender for Endpoint P2

New Contributor

Good day team,

In our organization we have the Microsoft 365 E3 license which includes MDE P1. We are looking to add on the additional features provided by MDE P2. 

For testing purposes we purchased 5 MDE P2 licenses including one for myself. It seems like I can enable the P2 features for users who we did not assign one of these P2 licences to. I was able to add the Endpoint Detection and Response feature which is P2 according to this link:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2...

Does this mean that we do not need to assign a license to all users and instead only assign a license to the admins who need access to the portal to enable these features?

2 Replies
best response confirmed by Heike Ritter (Microsoft)
Solution
Hello!!
As of now, you don't assign licenses for MDE to users or devices. It's a trust-based model- you purchase XXX licenses, and we trust you, that you only onboard XXX devices :)
I don't have details on how Engineering will solve the mixed licensing situation (P1, P2, business) in the future, maybe assigning licenses will be needed at some point.

Found this for you in our documentation:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2...
Mixed licensing scenarios:
Suppose that your organization is using a mix of Microsoft endpoint security subscriptions, such as Defender for Endpoint Plan 1 and Defender for Endpoint Plan 2. Currently, the highest functional Microsoft endpoint security subscription sets the experience for your tenant. In this example, your tenant experience would be Defender for Endpoint Plan 2 for all users.

Thank you for confirming @Heike Ritter