Microsoft 365 Tenant-Level Services

//

Chris van der Zwan

What Are Tenant-Level Services?

Tenant-level services are online services that, once activated, are automatically enabled for all users in your organization. This means every user must have a valid license for these services, or proactive measures must be taken to restrict access to specific user groups.

Typically, tenant-level services focus on audit and security features, ensuring the safety and compliance of your tenant and its data.

Which Products Are Affected?

The majority of Security and Compliance products are tenant-level services. Below is the list of affected products:

  • Microsoft Entra
    • ID Governance
    • ID Protection
  • Microsoft Defender
    • Business
    • Cloud Apps
    • Endpoint
    • IoT – Enterprise IoT Security
    • Vulnerability Management
    • Identity
    • Office 365
  • Microsoft Purview
    • Advanced Message Encryption
    • Message Encryption
    • Audit
    • Communication Compliance
    • Compliance Manager
    • Customer Lockbox
    • Data Connectors
    • Data Lifecycle Management
    • Records Management
    • Data Loss Prevention (DLP) for Endpoint, Exchange Online, SharePoint Online, OneDrive for Business, and Teams
    • Graph APIs for Teams DLP and Teams Export
    • eDiscovery
    • Information Barriers
    • Information Protection (Customer Key, Sensitivity Labeling, Double Key Encryption, Data Classification Analytics)
    • Insider Risk Management
    • Forensic Evidence
  • Microsoft Priva
  • Privileged Access Management in Office 365
  • Compliance Program for Microsoft Cloud

Enabling Tenant-Level Services for Specific Users

Most tenant-level services can be restricted to specific users. However, implementing these limitations requires careful configuration, as the process varies depending on the service. For detailed guidance, Microsoft provides documentation here: Microsoft Learn – Licensing Guidance.

Challenges with Certain Services

Some tenant-level services cannot be limited to specific users, or it is particularly difficult to do so. These include:

  • Microsoft Defender for Identity
  • Microsoft Defender for Office 365 Plan 2
  • Most Microsoft Purview products

For these services, appropriate licenses are required for all users who may benefit from them.

Important Considerations for Licensing

Microsoft states the following about tenant-level services:

“Though some tenant services are currently not capable of limiting benefits to specific users, appropriate subscription licenses are required for use of each online service.”

It’s important to note that Microsoft’s Product Terms often lack specific mention of tenant-level services, despite references in related documentation. To ensure compliance, follow this rule of thumb:

  1. Are all users able to benefit from the service?
  2. Have you proactively disabled the service for certain user groups?

If the service benefits all users and no proactive measures were taken to restrict access, licenses must be assigned to all users.

Final Thoughts

Understanding and managing Microsoft 365 tenant-level services is critical for ensuring compliance and security in your organization. Always verify licensing requirements and take proactive steps to restrict services when needed. For further details, consult Microsoft’s official licensing documentation.

By staying informed and compliant, you can make the most of your Microsoft 365 investment while safeguarding your organisation.

Contact Us

If you have any questions or need assistance with Microsoft 365 tenant-level services, our team of experts is here to help.

📧 Email us at: info@2-data.com

Leave a Comment

Contact Us

United Kingdom

Netherlands

South Africa

United States

Singapore

United Arab Emirates