You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/defender-experts-scoped-coverage.md
+10-6Lines changed: 10 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,7 +17,7 @@ ms.custom:
17
17
- cx-ti
18
18
- cx-dex
19
19
search.appverid: met150
20
-
ms.date: 12/19/2024
20
+
ms.date: 12/20/2024
21
21
---
22
22
23
23
# Scoped coverage in Microsoft Defender Experts for XDR
@@ -34,23 +34,27 @@ Devices and users that are out of scope won't be supported by Defender Experts.
34
34
35
35
## Using Defender Experts scoped coverage
36
36
37
-
Defender Experts create a predefined Microsoft Defender for Endpoint device group or a Microsoft Entra ID user group in the Microsoft Defender portal to which you can add devices and users, respectively. The default name assigned to the created device or user group begins with **Defender_Experts_Scoped_Coverage_**.
37
+
You can create a predefined Microsoft Defender for Endpoint device group or a Microsoft Entra ID user group in the Microsoft Defender portal to which you can add devices and users, respectively. The default name assigned to the created device or user group is:
38
+
39
+
-**Defender_Experts_Scoped_Coverage_Devices**.
40
+
-**Defender_Experts_Scoped_Coverage_Users**
38
41
39
42
:::image type="content" source="media/defender_scoped_devices.png" alt-text="Screenshot of Defender Experts Scoped devices." lightbox="media/defender_scoped_devices.png":::
40
43
41
44
The devices and users you add to these groups are then considered as the set of assets that are in scope for this service.
42
45
43
46
> [!IMPORTANT]
44
-
> Defender Experts need **System administrator** permissions to create the device and user groups. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts)
45
-
>
46
-
> The device group must also be in the highest order of priority for the devices under it to be considered in scope. This is a known product limitation.
47
+
> Defender Experts need **Security admin** permissions to create the device and user groups. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts)
48
+
49
+
> [!TIP]
50
+
> The device group must should be in the highest order of priority for the devices under it, to be considered in scope. This is a known product limitation.
47
51
48
52
Currently, the service doesn't offer support to rename these predefined groups, so we recommend that you don't rename the created device or user group. It also doesn't support nested groups. The devices and users would have to be added individually to the groups created.
49
53
50
54
The following section lists down questions that you or your SOC team might have regarding scoped coverage:
51
55
52
56
1.**What aspects of the XDR service remain consistent with Defender Experts scoped coverage?**
53
-
- This service doesn't change our pricing structure. You still pay for Defender Experts service based on E5 (and servers, Microsoft Defender for Cloud, and Open XDR) for your desired user base.
57
+
- This service doesn't change our pricing structure. You still pay for Defender Experts service based on E5 (Microsoft Defender for Servers) for your desired user base.
54
58
- This service doesn't scope according to individual Microsoft Defender products and services (such as Defender for Endpoint, Microsoft Defender for Office 365, or Microsoft Defender for Cloud). That is, the minimum baseline for scoped coverage is still the E5 license.
55
59
- There's no change in permissions for analysts in Defender Experts for XDR. Defender Experts analysts will still have access to your entire tenant and not just the scoped assets.
0 commit comments