search

DMoenks / azure-ad-license-status

Creates an Entra ID license report based on license assignments and consumption
https://dmoenks.github.io/azure-ad-license-status/
Apache License 2.0
0 stars 0 forks source link

Calculations for Defender for Office 365 incomplete #7

Closed DMoenks closed 1 year ago

DMoenks commented 2 years ago

The calculations for Defender for Office 365 currently solely rely on Exchange Online mailboxes. The license terms describe additional scenarios where licenses would be required.

DMoenks commented 2 years ago

To check additional license terms, read access to Defender configuration would be needed, which seems only possible by using Exchange Online PowerShell in combination with the Azure AD Security Reader role as of now, as Graph only provides access to content, not configuration. To eliminate write access for the script and provide necessary read access at the same time, using the Global Reader role instead of a combination of Exchange Recipient Administrator and Security Reader roles might be preferred.

DMoenks commented 1 year ago

Resolving this issue would need clarification based on the following other issues: