this post was submitted on 19 Jun 2023
6 points (87.5% liked)

Sysadmin

7664 readers
103 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago
MODERATORS
6
submitted 1 year ago* (last edited 1 year ago) by Mackerdaymia to c/sysadmin
 

I'm wondering if anyone here can help me get my head around MS Defender for Business. We're currently in the process of switching over and have one month until the contract with our current AV Provider (Sophos) runs out.

So far it's been plain sailing with 100% of our standard users having an MS 365 License which includes defender. They all have "their own" computer so that works out nice and easy. The server licenses/onboarding has been working fine as well following the set process from MS (scripts etc.).

But we also have a few manufacturing departments where computers are shared for ease of use. Following MS's guide, we'd need at least one licensed user (i.e. the main one) per computer to get that working. We were initially hoping we could get away with onboarding the computers and using a single user for all 40+ of them but that seems impossible (MS wants to make money of course)

The workaround we've been considering was using a licensed dummy user per computer that we use to simply sign into MS 365 (for the license). So we'd keep our current structure but then have for example FactoryUserA1 etc. with the license. Simply creating the users would save us a ton of work and I'd rather not have to generate 40+ users in our AD and then painstakingly configure them all to fit our current structure.

Hope I'm making sense here and that someone can help.

Thanks for your time fellow Admins.

UPDATE: We've sorted it out. Our supplier neglected to tell us about the Defender for Endpoint licenses. We were under the false impression that the new licenses could oinly be assigned per user as they are included in the Business Premium package.

you are viewing a single comment's thread
view the rest of the comments
[–] Mackerdaymia 1 points 1 year ago

So the current setup has the 40+ computers being used to control machines or for simple admin - they don't require office programs or anything fancy beyond the occasional bit of industry software and cmd basically. The work is shared out among different teams and the computers need to be running 12+ hours a day constantly so having several users logging in/out, launching programs, forgetting passwords just holds everything up. Obviously it's a liability but they're heavily monitored.

So now we're in the situation where each computer needs a user with a license (due to the Defender licensing model) and I'm essentially being lazy trying to save myself a ton of work and hoping that I'd misunderstood the process, allowing a workaround of some variety.