Azure Dynamic Groups for all Microsoft Defender for Endpoint Licensed Users

I always find Microsoft Azure Active Directory dynamic groups much easier to use when assigning policies, for example Defender for Endpoint onboarding policies via Intune.

Microsoft Defender for Endpoint included with M365 licensed user rule syntax

user.assignedPlans -any (assignedPlan.servicePlanId -eq "871d91ec-ec1a-452b-a83f-bd76c7d770ef" -and assignedPlan.capabilityStatus -eq "Enabled")

Microsoft Defender for Endpoint plan 1 licensed user rule syntax

user.assignedPlans -any (assignedPlan.servicePlanId -eq "292cc034-7b7c-4950-aaf5-943befd3f1d4" -and assignedPlan.capabilityStatus -eq "Enabled")

Microsoft Defender for Endpoint DLP

user.assignedPlans -any (assignedPlan.servicePlanId -eq "64bfac92-2b17-4482-b5e5-a0304429de3e" -and assignedPlan.capabilityStatus -eq "Enabled")

Microsoft Defender for Vulnerability Management add-on

user.assignedPlans -any (assignedPlan.servicePlanId -eq "36810a13-b903-490a-aa45-afbeb7540832" -and assignedPlan.capabilityStatus -eq "Enabled")
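One way to create these four groups from a script instead of the portal is shown below. This is an added example, not part of the original post. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups) is installed and that the signed-in account can consent to Group.ReadWrite.All. The group display names are made up for illustration, and the service plan IDs are the ones listed above.

```powershell
# Added example: create one dynamic security group per rule listed on this page.
# Assumes the Microsoft.Graph.Groups module and Group.ReadWrite.All consent.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Display names are hypothetical; service plan IDs are taken from this page.
$plans = [ordered]@{
    'DYN-MDE-M365-Users'  = '871d91ec-ec1a-452b-a83f-bd76c7d770ef'
    'DYN-MDE-P1-Users'    = '292cc034-7b7c-4950-aaf5-943befd3f1d4'
    'DYN-MDE-DLP-Users'   = '64bfac92-2b17-4482-b5e5-a0304429de3e'
    'DYN-MDVM-Addon-Users' = '36810a13-b903-490a-aa45-afbeb7540832'
}

foreach ($name in $plans.Keys) {
    # Build the rule with straight double quotes; typographic quotes copied
    # from a web page are rejected by the rule parser.
    $rule = 'user.assignedPlans -any (assignedPlan.servicePlanId -eq "{0}" -and assignedPlan.capabilityStatus -eq "Enabled")' -f $plans[$name]

    # Do not create a duplicate; report drift if an existing group has a different rule.
    $existing = Get-MgGroup -Filter "displayName eq '$name'" -Property 'id,displayName,membershipRule'
    if ($existing) {
        if ($existing.MembershipRule -ne $rule) {
            Write-Warning "$name exists but its membership rule differs from the expected one."
        }
        continue
    }

    New-MgGroup -DisplayName $name `
        -Description 'Users with an enabled Defender service plan (dynamic membership)' `
        -MailEnabled:$false `
        -MailNickname $name `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On' | Out-Null

    Write-Host "Created $name"
}
```

Membership is evaluated asynchronously, so a new group can stay empty for a while after creation. Confirm it has populated before targeting an onboarding policy at it.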


