October 31, 2025
Analyst Report: Defender for Identity Improves Delegation with Scoped Access
- Scoped access, a new Defender feature, offers the ability to constrain which Active Directory domains each administrator handles.
- It improves manageability by partitioning and delegating Defender for Identity administrative responsibilities without added costs.
- Environments deployed before Mar. 2025 will also need to deploy unified role-based access control (URBAC) to enable scoped access.
Defender for Identity’s scoped access feature enables organizations to limit individual administrators’ visibility to only their assigned Active Directory (AD) domains. It enhances security by reducing incident noise for admins, narrowing the exposure for each domain, and supporting compliance by aligning admin responsibilities with business divisions or regions. However, scoped access is still maturing, so some admin features are unavailable, and it is limited to Defender for Identity’s view of AD domains.
Scoped Access Focuses Administrators
Normally, Defender for Identity shows all of an organization’s AD domains connected to it, which can result in an overwhelming volume of data and incidents for each administrator to review. Scoped access focuses the view each administrator sees in Defender for Identity by including only the domains for which that administrator is responsible. For example, consider an organization that has three AD domains: adatum.com, contoso.com, and cpandl.com, with one Defender for Identity administrator for each (three in total).
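The following Python model illustrates the filtering behaviour described above using the report's three-domain example. It is an added illustration, not code from Microsoft or from Defender for Identity itself: the alert records, the administrator names and the scope assignments are constructed here, and the functions `visible_alerts` and `unwatched_domains` are hypothetical helpers. It goes slightly beyond the paragraph by adding a coverage check that a defender would want after scoping: every connected domain should still have at least one scoped administrator, otherwise its alerts are reviewed by nobody.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """Minimal stand-in for a Defender for Identity alert (constructed)."""
    alert_id: str
    domain: str   # AD domain of the affected entity
    title: str


# Constructed sample alerts spread across the three domains from the text.
ALERTS = [
    Alert("a-001", "adatum.com", "Suspected brute-force attack (Kerberos)"),
    Alert("a-002", "contoso.com", "Suspicious additions to sensitive groups"),
    Alert("a-003", "cpandl.com", "Honeytoken activity"),
    Alert("a-004", "adatum.com", "Remote code execution attempt"),
]

# Hypothetical scope assignments: one administrator per domain, as in the
# report's example, plus one administrator scoped to all three domains.
SCOPES = {
    "alice": {"adatum.com"},
    "bob": {"contoso.com"},
    "carol": {"cpandl.com"},
    "global-admin": {"adatum.com", "contoso.com", "cpandl.com"},
}


def visible_alerts(admin, alerts=ALERTS, scopes=SCOPES):
    """Return only the alerts whose domain lies within the admin's scope.

    An administrator with no scope entry sees nothing (deny by default),
    which is the safe failure mode for a delegation model.
    """
    allowed = scopes.get(admin, set())
    return [a for a in alerts if a.domain in allowed]


def unwatched_domains(connected_domains, scopes=SCOPES):
    """Connected AD domains that no administrator is scoped to.

    After partitioning responsibilities, run this check so that scoping
    does not silently leave a domain's alerts without an owner.
    """
    covered = set().union(*scopes.values()) if scopes else set()
    return sorted(set(connected_domains) - covered)


if __name__ == "__main__":
    for admin in ("alice", "bob", "carol", "global-admin", "mallory"):
        ids = [a.alert_id for a in visible_alerts(admin)]
        print(f"{admin:12s} sees {ids}")
    connected = ["adatum.com", "contoso.com", "cpandl.com", "fabrikam.com"]
    print("unwatched:", unwatched_domains(connected))
```

Running the script shows alice seeing only the two adatum.com alerts, the global administrator seeing all four, an unknown administrator seeing none, and fabrikam.com (a constructed fourth domain) flagged as connected but unwatched.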