This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 35%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Hi all,
We're in the process of onboarding all our endpoints into Microsoft Defender for Endpoint and have acquired the necessary licenses for our devices. However, our organization doesn't currently use Entra ID (formerly Azure AD) for user management, and we're not syncing our on-premises Active Directory to the cloud. As a result, we can't assign the Defender for Endpoint licenses to individual users in the traditional way.
Is it a strict requirement to assign these licenses to users in Entra ID, or can we remain compliant with our licensing terms by simply having the correct number of licenses for our devices without user assignment?
You have an Entra ID tenant, you just don't know it. Entra is a prerequisite to the Defender XDR portal. You can use entra.microsoft.com or the Azure portal to explore. You should find your E5 licenses in the portal under Entra > licensing.
MDE does not perform license validation. Your end-user devices are part of the E3 or E5 license. These is a separate license for Windows and Linux servers. You can purchase a stand-alone license for servers for a reseller or used Defender for Servers (which includes MDE).
Entra is also required for Office 365 and Intune.