Microsoft is committed to delivering best of breed, multi-platform, and multi-cloud security for all organizations on the planet. Our aim is to offer simplified, comprehensive protection that prevents breaches and enables our customers to innovate and grow, delivering security for all. As part of that commitment, last year our foundational set of industry leading prevention and protection capabilities became available for customers to purchase through Defender for Endpoint Plan 1. This offering is available as a standalone and also through various packages, including Microsoft 365 E3/A3. It delivers on our endpoint security promise to help organizations of all sizes to rapidly stop attacks, scale their security resources, and evolve their defenses.
As the largest market share leader for endpoint security, we've seen a growing segment of customers consuming a mix of SKUs, such as Defender for Endpoint Plan 1 and Plan 2. Customers sometimes need different sets of capabilities on devices in a single environment, depending on the level of risk associated with each device. To accommodate these mixed licensing scenarios, Defender for Endpoint customers can now control how licenses are applied with minimal friction and management overhead.
This new preview capability, mixed licensing support, allows customers to use different Defender for Endpoint licenses on different devices, depending on their security needs, without having to set up multiple subscriptions. They can access a report that details the current license state and usage.
In this article, we'll explore the available mixed licensing scenarios and provide a step-by-step guide on how to try them out in your environment. For full details, please see 'Manage your Microsoft Defender for Endpoint subscription settings across client devices' on Microso....
Please note:
Phase 1: Mix mode enablement
You should have active trial or paid licenses for both Defender for Endpoint Plan 1 and Plan 2, or Microsoft Defender for Server Plan 1/Plan 2, and one of the following roles assigned in Azure Active Directory (Azure AD): Global Admin, Security Admin, License Admin + MDE Admin
6. The licenses usage report estimates utilization across your organization. This report might take up to 3 hours to tag assignment to propagate.
Phase 2: Mixed mode - Validate license assignment at scale using dynamic tagging.
You can define the Defender for Endpoint Plan 1 tagging criteria easily at scale using the new dynamic tagging engine.
Dynamic rules can help manage device context by assigning tags and device values automatically based on certain criteria. This will save time and ensure accuracy. For example, tagging devices with a specific OS version or assigning a value to devices with a particular naming convention. Dynamic rules also ensure devices remain relevant by removing tags or updating values when criteria are no longer met.
The dynamic engine will assign all devices meeting the specified condition with the “License MDE P1” tag.
1. As an admin, go to the Microsoft 365 Defender portal and sign in. Go to Settings > Endpoints > License and then select Manage subscription settings. Select the Dynamic rule option.
2. Specify one or more criteria for client endpoints to tag those devices with the “License MDE P1” using Dynamic tagging.
3. Save your rule. Check after 3 hours for the updated tagging and usage report.
By following the steps outlined in this article and documentation, you can enable mixed licensing support and validate license assignment at scale using dynamic tagging. This will not only help you optimize your licensing usage and save costs, but also ensure compliance with your licenses in your environment.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.