muhammadhamza
Copper Contributor
Jan 19, 2021

Azure Defender for subset of services/resources

Hi There,

I am new to ASC. I enabled Azure Defender (trial) for my subscription and now want to enable Azure Defender only for my production workloads, not the dev/test. We have all the workloads under the same subscription. Is it possible to do that?

Thanks

Muhammad Hamza

    • muhammadhamza
      Copper Contributor
      Hi There,
      I already read this article; it only tells about VMs. Our workloads have lots of App Service plans, storage accounts, SQL servers, key vaults and many other resources. We have all of these resources for dev and prod under a single subscription. Can we somehow enable Azure Defender for a subset of these resources, like at RG level or anything like that, or even at resource level?
      • StanislavBelov
        Microsoft

        Hi Muhammad,

        There is no binary answer to your question. For certain resources (SQL, Storage accounts) Azure Defender currently can be (if you need granularity, assuming it is not enabled on the subscription) enabled at the resource level. For all other supported resource types you need to enable Defender at the subscription level to get the full benefit of it.

        Also, it's probably not ideal to have both production and non-production resources in the same subscription from a manageability and security perspective. Please review: Subscription decision guide - Cloud Adoption Framework | Microsoft Docs

        We are considering implementing more flexibility/options to include/exclude resources from the Defender coverage but don't have any ETA to share at the moment.
