Forum Discussion
Solved
ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?
Good evening all!
I have have Azure defender for "SQL servers on machines" enabled on my primary Log Analytics workspace...
I have discovered that instances of SQL running on developer machines and other instances that I prefer not to monitor and be billed for in ASC have been included. I would prefer to stop "protecting" them and target only a specific set of SQL instances in my workspace...
Will "Solution targeting" within the SQLAdvancedThreatProtection and SQLVulnerabilityAssessment solutions within that workspace allow me to scope coverage and then eliminate the meter charges in Azure for the defender security services?
Is there an alternative approach I am missing?
Thank you for your time and consideration, and I think this product is AMAZING!
- Hi Austin, thanks for your kind words!
Currently, there are two ways to target resources with a finer resolution than subscriptions:
1. using a custom workspace managing those resources separately
2. solution targetting
So in your case seems indeed that solution targeting is the best option.
5 Replies
- Marked mimakh as best response though it would be helpful for confirmation on my latest question, and might be helpful if the response were documented. ie: which solutions should be targeted so as to avoid the "protection" and "assessment".
to add additional clarification... The machines that I would like to exclude from scope are connected to the ASC monitored workspace and not using the ARC agent. I would prefer to leave the machines connected to the workspace while excluding them from the protection scope of Azure defender for "sql servers on machines".
- Hi Austin, thanks for your kind words!
Currently, there are two ways to target resources with a finer resolution than subscriptions:
1. using a custom workspace managing those resources separately
2. solution targetting
So in your case seems indeed that solution targeting is the best option.mimakh Thanks for your feedback... do you know, would it be BOTH solution related to SQL within the workspace?
