Forum Widgets
Latest Discussions
Defender for AI data storage/processing
Hi, does anyone know where the data that Defender for AI uses is processed and what data is stored and available to Microsoft? If abuse monitoring is turned off, the documentation says "Microsoft does not store the prompts and completions associated with the approved Azure subscription." If content filtering is enabled the documentation says "Noo prompts or generated content are stored in the content classifier models." https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-portal#preventing-abuse-and-harmful-content-generation But I was wondering what data is stored/processed, where this happens and if there's any documentation around this for the Defender for AI service. Could anyone point me to a page, please? Thanks, Neil.SolvedneiltreebeardMay 22, 2025Copper Contributor141Views0likes3Comments
Defender for Cloud CSPM for Arc VMs
Hi Team, Could you please clarify whether Arc-enabled VMs in on-premises environments count as billable resources for Defender CSPM (the paid plan vs foundational)? The table that lists billable resources here https://learn.microsoft.com/en-gb/azure/defender-for-cloud/concept-cloud-security-posture-management#plan-pricing does not include "microsoft.hybridcompute/machines" , so am I correct in thinking that Arc-enabled VMs won't be billed as a CSPM resource? What if any Defender CSPM capabilities are available for Arc-enabled VMs? Is there a way to view what billable resources I have in the portal? Thanks, T.Solvedpikatom123Nov 28, 2024Copper Contributor140Views0likes1Comment
Disable Defender for Servers at resource level
See snippet from MS article below - cant seem to find any guidance on how to disable at resource level and what the caveats are. If i have it enabled at the subscription for P1 then now do i go about with the following: * Disable on certain machines * understand if im still being billed even with it disabled * how do i do this at scale Disable Defender for Servers on the resource level To disable The Defender for Servers plan or any of the features of the plan, navigate to the subscription or workspace and toggle the plan to Off. On the resource level, you can enable or disable Defender for Servers plan 1. Plan 2 can only be disabled at the resource level For example, it’s possible to enable Defender for Servers plan 2 at the subscription level and disable specific resources within the subscription. You can't enable plan 2 only on specific resources.SolvedikazimirsOct 14, 2024Copper Contributor2.6KViews0likes3Comments
New resources appear in the Microsoft Defender for Cloud recommendations
Hello All, I have been working on exempting some resources from DFC recommendations, however recommendations which i have already completed appear to have new "unhealthy" resources in them which were not present before. Do you know why is that. My understanding is that after initial evaluation of the env is made all healthy and unhealthy and not applicable resources should appear within a certain recommendation. In my case however i can say that there were no newly added or modified resources. Everything has been the same. To give you an example - I had to exempt 1 unhealthy key vault (out of 13) as per the recommendation. After 2 weeks 5 more appeared as unhealthy. Thank you!SolvedNNedelchevJan 30, 2024Copper Contributor727Views0likes4Comments
Unable to exempt a resource in Defender for cloud
Hi Folks, I am getting an error while trying to exempt a resource from Microsoft defender for cloud. I have all the required permissions and I can see this error only in 4 of my subscriptions while the same exemption is working in other subscriptions. Can anyone please help me to understand the issue?? The error observed is pasted below: Creating a disable rule on selected items failed. {"type":"MsPortalFx.Errors.AjaxError","baseTypes":["MsPortalFx.Errors.AjaxError","MsPortalFx.Errors.Error"],"data":{"uri":"https://management.azure.com/providers/Microsoft.Management/managementgroups/xxxxxx/providers/Microsoft.Authorization/policyAssignments/xxxx?api-version=2022-06-01","type":"PUT","pathAndQuery":"","requestId":"xxxxx","failureCause":"","sessionId":"xxxxx","commandName":"Microsoft_Azure_Security.","status":400,"statusText":"error","duration":1793.3999999761581},"extension":"Microsoft_Azure_Security","errorLevel":2,"timestamp":11408643.299999952,"name":"AjaxError","innerErrors":[],"textStatus":"error","errorThrown":"","jqXHR":{"readyState":4,"responseText":"{\"error\":{\"code\":\"PolicyEntityMetadataTooLarge\",\"message\":\"The policy entity 'xxxx' is invalid. The size of the metadata property is '65900' bytes, which exceeds the limit of '65536' bytes.\"}}","responseJSON":{"error":{"code":"PolicyEntityMetadataTooLarge","message":"The policy entity 'xxxxx' is invalid. The size of the metadata property is '65900' bytes, which exceeds the limit of '65536' bytes."}},"status":400,"statusText":"error"}}SolvedsreekyNov 07, 2023Copper Contributor1.9KViews0likes3CommentsMDfC CSPM pricing - Billable resources for AWS
According to the Microsoft Defender for Cloud https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/, the Defender CSPM cost is dependent on certain Billable resources! Does anybody know what are the Billable resources for an AWS account?SolvedJavaripaOct 09, 2023Brass Contributor644Views0likes1CommentDefender for Devops showing deleted connection repositories
I removed a github connection in my defender for devops portal however the repositories are still in the portal both in the defender inventory and also when i create a new connection to a different github org. There doesnt seem to be any way to delete these github repos from the defender for devops portal. Does anyone have any idea how this can be done? I've gone as far as to turn off defender for cloud on my subscription but this doesn't seem to work as the inventory still shows these old github repositories and alerts.SolvedcraggabSep 20, 2023Copper Contributor1.1KViews0likes6Comments
SQL Advanced Threat Protection - Requirements Unclear
When configuring Defender for SQL, nothing suggests auditing is required for ATP to work. However, when looking at audit section https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql#remarks i one of the points says "After you've configured your auditing settings, you can turn on the new threat detection feature... This seems to be a requirement for SQL on Machines, however, is it for Azure SQL workloads? (MI & DB)SolvedRoberts951Sep 04, 2023Copper Contributor1.3KViews0likes6Comments
Activating Defender for Server Plan 1 and Plan 2 in the same Subscription
Hi Community, i would like to learn if we activate the defender for server plan 1 for some Endpoints (for some Resource Groups maybe) and Plan 2 for other Endpoints. I know already that the Plan 1 can only be activeted at subscription level but i am wondering if there is a way to use two plans simultaneously in order to reduce the costs of defender for server plan 2. Thanks in advance.SolvedmhmmdrnAug 28, 2023Copper Contributor2KViews0likes2Comments
Resources
Tags
- cloud security98 Topics
- cloud security posture management37 Topics
- security33 Topics
- Azure Defender for Servers26 Topics
- microsoft defender for endpoint26 Topics
- azure25 Topics
- threat protection20 Topics
- vulnerabilities17 Topics
- best practices13 Topics
- security controls12 Topics