Security Competency - Active Entitlements
I have a question about Security Competencys requirement about Active Entitlements.
- Intune Active Entitlements - 829
- Azure Active Directory Premium Active Entitlements - 495
- Azure Information Protection Active Entitlements - 7
Could anyone please explain how these numbers really come together?
Because for me it seems that EMS licenses doesnt count somehow towards the Intune Active Entitlements number.
There is an explanation that: Active Entitlement: When a purchased license is assigned to an end-user and end-user has performed an intentional action on the workload in last 28 days.
Do anyone know what is referred as "intentional action"? What is considered intentional action?
Thank you in advance
Hi @Isluru ,
Thank you for reaching out to the community for this matter!
For the security competency you can review all the details here : https://partner.microsoft.com/sk-sk/membership/security-competency and here additionally https://support.microsoft.com/en-us/help/3045939/digital-partner-of-record-dpor.
The numbers you provided are according to your Partner Center dashboard ?
In terms of active entitlements you need to reach 1 of those targets specified below, not summed up together:
1K active entitlements in Microsoft Intune or 1K active entitlements in Azure Information Protection or 1K active entitlements in Azure Active Directory Premium (AADP) within the last 12 months.
Intentional action is An action taken by a user to purposefully engage with a seat based online service or any action that triggers meter on a consumption based online service.
Hope this helps,
I have read all those articles and webpages through, but still I don't understand what exactly user needs to do for example to trigger the meter of Intune? Does user need to hit some conditional access policy or something similar?
No, I don`t believe is about a conditional access policy, but rather a matter of actually using the services since the competency is measured on active users.
Being an active user sounds like being authenticated in Intune for example, however I don`t want to assume.
Allow me to check this in detail how exactly, and get back on this thread as soon as possible.
I was able to pull out some information.
Please see the guide attached pages 12&13 and I am adding here a snip.
For Intune the "intentional use" mentioned in the competency requirements would not be the user, but the device. The device would be checking to see if there is any new policies or actions that the device needs to perform each time the user signs in.
The customer needs to assign a license after purchase, so that is used.
Additionally you need to be attached to that customer for reporting purposes, so numbers add up. (To qualify, you will need to be associated as the EMS or Microsoft Intune Delegated Administrator, Transacting Partner, FastTrack Partner, or Digital Partner of Record.)
Microsoft Intune: A customer will be considered actively using if they meet one
of the following criteria for Intune purchased as standalone or as part of EMS:
▪ 1 or more managed devices (PC + iOS, Android) that is checked-in during
the last 28 days OR a co-managed device with at least one
feature/scenario moved from Config Manager (SCCM) to Intune.
▪ Have Mobile Application Management (MAM) policy assigned
▪ Devices with no users associated (for example kiosks) enrolled in the last
Hi @Isluru ,
You are very welcome!
As far as I know, every Fiscal Year , but a best practice and a recommendation from my side would be to check at least quarterly for changes/ updates.
Typically you should also see in your Partner Center dashboard if you need to comply with any new requirements and such.
Thanks for the explanation.
I also have a question about this, this is all about active customers, isn't it? Not just new ones.
I noticed that certain customers are not credited for this competence despite the partner record.
Customer X has approximately 100 active Microsoft 365 E3 licenses.
These are listed in Cloud Productivity as active O365 Entitlements.
Security, on the other hand, does not count towards this competence (both PCs and mobile phones are completely managed by Intune)
I've had this with the security competency and Enterprise Mobility Management.
M365 licenses dont' count towards the competency. Only Intune or EMS+security licenses count. We decided to upsell M365 to some of our customers who previously had O365 and ems licenses only for our numbers to drop significantly. I raised a support ticket only to be told that M365 wouldn't count towards the competencies even though they include the original licenses as part of them.
I never managed to find out why this was and never got a sensible answer.
I can only imagine that the real reason is that there are some awful queries in the back end.
For example, now that 'Azure Security Center Standard' has been renamed to 'Azure Defender for Servers’, our performance for the Security competency has strangely dropped to $0 (presumably the queries are hard coded for the old product name).
Also frustrating that CPOR and PAL associations do not count for Security and EMM, even though they do count for Cloud Productivity and Cloud Platform etc