MC1091443 - Microsoft Defender XDR: Scoped access for Defender for Identity (preview)

Service

Microsoft Defender XDR

Published

Jun 10, 2025

Tag

New feature
User impact
Admin impact

Summary

Microsoft Defender for Identity will soon offer Active Directory domain-based scoping in public preview starting June 2025 and general availability by August 2025. This feature allows organizations to control access based on AD domains, enhancing security and operational separation. No admin action is required for the rollout.

More information

Coming soon in Microsoft Defender for Identity (MDI): the public preview of Active Directory domain-based scoping. This capability is a foundational step in extending role-based access control (RBAC) as part of the broader XDR unified role-based access control (URBAC) initiative.

This new capability enables organizations to define and refine the scope of Microsoft Defender for Identity monitoring, providing more granular control over which entities and resources are included in security analysis.

Many organizations using Defender for Identity operate across multiple Active Directory domains and need a way to delegate access based on responsibility or ownership. As organizations grow and manage complex identity environments, the ability to control who can access what (and where) is critical. Customers have this capability for Microsoft Defender for Endpoint with device groups and are expecting a similar capability for Defender for Identity.

When this will happen:

Public Preview: We will begin rolling out early June 2025 and expect to complete by late June 2025.

General Availability (Worldwide): We will begin rolling out late July 2025 and expect to complete by late August 2025.

How this will affect your organization:

With AD domain-based scoping available for Microsoft Defender for Identity, organizations can limit visibility and investigation access based on Active Directory domains using XDR URBAC. This provides more control over who can access which alerts, activities, and identity data, supporting operational separation and minimizing unnecessary exposure across teams.

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your admins about this change and update your relevant documentation.

This feature is available by default for admins to configure, but no scoping is applied by default: until you define domain scopes, role assignments are not restricted by Active Directory domain. To enable scoped access, go to Microsoft Defender XDR > Permissions and roles. On the Assignment page, select Microsoft Defender for Identity as the data source and define the relevant Active Directory domains for each role.

Learn more: What's new - Microsoft Defender for Identity | Microsoft Learn