SOLVED

Licensing - Limit Defender for Identity to certain users

Copper Contributor

Hi,

I have seen similar questions regarding licensing before, but not this one in particular.

Right now I am working with a client who would like to use Defender for Identity, but only for a certain part of their organization.

From what I can read in the Microsoft documentation, this should be possible, as long as you take efforts to limit the use to those who have the proper license.

URL: https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/m...

Copied from the above URL:

"How can the service be applied only to users in the tenant who are licensed for the service?

Microsoft Defender for Identity services are currently not capable of limiting capabilities to specific users. Efforts should be taken to limit the service benefits to licensed users."

My specific question is: what are the correct efforts that Microsoft is mentioning in their documentation that limit the service benefits? Would that be to use "Global excluded entities", and exclude all but those users who have the license applied?

All users are in the same domain, so I am unable to use that feature unfortunately.

If someone has any feedback or information regarding this, I would be really happy to hear about it.

Cheers,

Robin

9 Replies
So all your users are licensed with a license that includes the MDI plan? And you want to exclude some users from the detection rules of your MDI?

Hi @eliekarkafy,

Thanks for your response.

The customer has bought X individual Defender for Identity licenses to cover X users in their organization.

I just want to make sure that we make the correct efforts from a Microsoft perspective to "limit the service benefits" for the rest of the unlicensed users. If that makes any sense?

Best regards,

Robin

best response confirmed by Robin_Inderberg (Copper Contributor)
Solution

Correct, excluding your unlicensed users from MDI will help avoid potential service disruption to your organization, as some tenant services are not currently capable of limiting benefits to specific users. I recommend that you exclude the unlicensed users from the detection rules to make sure that this will not affect you in the future, and open a case with the licensing team to make sure that you're covering the scenario as it should be.

@eliekarkafy, thanks a lot for your time and effort to help me out answering my question.

I will ping the licensing team just to make sure that we do an effort that is good enough from their perspective. I'll put the response in this thread for you guys to read, hopefully it can help someone else in the future :)

Cheers!

@Robin_Inderberg 

MDI provides security value (posture, detection, investigation, response, etc.) to the entire organization or domain, rather than providing a specific capability to specific users or groups. As a result, it's not possible to scope the deployment or licensing to just part of the organization. This is actually a good thing, since attackers could come from outside the scope of any given user or group, and MDI needs to be able to detect and prevent such attacks regardless of their origin. By providing security value to the entire organization, MDI helps ensure that the entire organization is protected from a wide range of potential threats.

@Martin_Schvartzman

Thanks for taking time to respond to my question.

Are you telling me that there is no way of excluding non-licensed users, even though you state the following in the documentation? To me, that sentence sounds like you are opening up to using the feature for a limited number of users. But what makes it hard for us as users / consultants is the fact that Microsoft isn't clearly stating what efforts are valid from their perspective.

"Microsoft Defender for Identity services are currently not capable of limiting capabilities to specific users. Efforts should be taken to limit the service benefits to licensed users."

So we either need to license all users, or disable the feature? Are those the two real options we have to be compliant with Microsoft licensing, from your knowledge?

@Robin_Inderberg 

I understand why the documentation can be confusing. I'll ask to update it.

Thank you.

Hi Martin,

I just got an update from Microsoft support.

The information I got is that the only way to properly limit the service benefits is to move the users that should have MDI to a separate tenant.
I asked multiple times if this is the only way, which they said it was.

It would be highly appreciated if this information were stated in the documentation, as this makes it fairly complicated to be compliant in this scenario, if not impossible in real-life scenarios.

Cheers.

@Robin_Inderberg 

I agree, it is not really a valid solution in real life. I'll discuss this with the support teams.

Thank you for the feedback.
