Hi All,

So the requirements are for all users to be licensed but how does MDI know whether a licence has been bought and assigned to all users in your azure tenant??


Kind regards,



3 Replies


See Microsoft 365 guidance for security & compliance - Service Descriptions | Microsoft Docs:

Microsoft Defender for Identity services aren't currently capable of limiting capabilities to specific users. You must license every user you intend to benefit. In scenarios where one user may have multiple accounts in Active Directory, for example, different administrative accounts for different domains/forests, the requirement is to only have one license for this one person.

Similarly, there is no requirement to license service accounts, or any account that facilitates automation. Only human users need to be licensed.


Thanks Martin,
Read that section several time but it doesn't answer my question. Does the technology know whether or not the users are licensed or is this a 'trust' that you have scenario?
best response confirmed by rob_wood_8894 (Contributor)


It's a "we trust that you have the licenses" scenario.