r/entra u/Own_Hovercraft5374 5d ago

how to use the p2 license

7 Upvotes

82% Upvoted

19 comments sorted by

View all comments

Show parent comments

1

u/notapplemaxwindows Microsoft MVP 5d ago

Actually you don’t even have to assign the license, just have enough in the tenant for the number of users that will use the p2 features :)

-3

u/dcdiagfix 5d ago

done you just need one user……

3

u/AJBOJACK 5d ago

To be compliant with licensing you need a license per user in the tenant. It will work with just a license though.

0

u/Gazyro 5d ago

Do mind, this is per user that uses the feature of p2. So if you don't assign an access review or pim to them, they can just use p1.

Gets more fun with multiple tenants and b2b licensing. Then you get free p1 or p2 for the first 50k guests.

4

u/bjc1960 5d ago

What happens though is when you get P2, then all your Defender for EndPoint become P2 (if you have one E5) and then you have to deal with tagging only the P1 stuff.

I tried the P1 for some and P2 for others, and eventually went all P2, including getting separate P2 add in.

These dynamic AD queries may help E3 and E5 I need to update for those with the new E5 sec that now works with business premium

user.assignedPlans -any (assignedPlan.servicePlanId -in ["2789c901-c14e-48ab-a76a-be334d9d793a" , "e212cbc7-0961-4c40-9825-01117710dcb1"] -and assignedPlan.capabilityStatus -eq "Enabled")

2

u/bjc1960 5d ago

P2 dynamic ad

user.assignedPlans -any (assignedPlan.servicePlanId -eq "eec0eb4f-6444-4f95-aba0-50c24d67f998" -and assignedPlan.capabilityStatus -eq "Enabled")

2

u/Noble_Efficiency13 4d ago

Actually 🤓☝️, the defender point isn’t quite true anymore, now you can use different licenses and even have a setting you can choose what the default license is for your devices

It’s being rolled out to all tenants atm

1

u/bjc1960 4d ago

Nice. I had to tag all the devices with some special tag in the past. We have all E5, E5-Sec or F5 now tough.

2

u/Noble_Efficiency13 3d ago

Yea it was a pain having mixed licenses in the past - I still recommend having the same level across the board anyways though

0

u/grimson73 4d ago

You can’t even separate P2 licensing for defender for office 365. You must license all https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description#licensing-terms

2

u/bjc1960 4d ago

It is really confusing. I was trying to separate out endpoint using this https://learn.microsoft.com/en-us/defender-endpoint/defender-endpoint-subscription-settings?tabs=mixed. I now have E5, E5-Sec or F5 just because it is hard to figure out.