Forum Discussion

Oct 07, 2022

Enroll only selected servers in Azure Defender

We have 7-8 different subscriptions and have 1000s of VMs. I have enabled Azure Defender for Cloud for my subscription. However, I want to exclude Azure Defender for selected servers (VMs). Is it possible to do that?

8 Replies

  • Usayyad 

    There is a way to enroll specific VMs only and the way this was done was by creating different VNETs that allowed only selected endpoints to be accessed. These VMs are essentially blocked from accessing the Internet while the rest of the servers are allowed access to the Internet. 

    Hope this helps.

    Juan

    •
      Jonhed
      Iron Contributor
      That will exclude them from MDE onboarding, but they will still accrue costs according to uptime, since the Defender for Servers plan will be active.
  • Since Defender for Servers can currently only be enabled at the subscription level or higher (management groups or tenant), it's not possible to exclude certain servers from protection. We are considering providing a more granular onboarding experience in the future. However, it's possible to control which servers get onboarded to MDE (one of the Defender for Servers features) by using the Azure Policies we recently added:
    [Preview]: Deploy Microsoft Defender for Endpoint agent on Windows virtual machines
    [Preview]: Deploy Microsoft Defender for Endpoint agent on Linux virtual machines
    [Preview]: Deploy Microsoft Defender for Endpoint agent on Windows Azure Arc machines
    [Preview]: Deploy Microsoft Defender for Endpoint agent on Linux hybrid machines
    Please keep in mind that in this case you would need to disable the integration with MDE in the subscription settings to disable auto onboarding of all VMs in this sub.
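The procedure described in the reply above (turn off subscription-wide MDE auto-onboarding, then let a scoped policy assignment decide which VMs get the agent), as an added PowerShell example that is not from the thread or from Microsoft. It assumes the Az.Resources and Az.Security modules, an already-authenticated session, and placeholder values for the subscription, the excluded resource group and the region; the `WDATP` setting name, the `Virtual Machine Contributor` role and the extension publisher/type used in the final check are assumptions to verify against your tenant and module versions.

```powershell
# Added example, not the thread's or Microsoft's code. Run after Connect-AzAccount.
# Placeholders: replace the subscription id, excluded resource group and region.
$subscriptionId = '00000000-0000-0000-0000-000000000000'
$subScope       = "/subscriptions/$subscriptionId"
$excludedRg     = "$subScope/resourceGroups/rg-no-mde"   # VMs here must NOT get the MDE agent
$location       = 'westeurope'                           # needed for the assignment's managed identity

Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# 1. Disable the subscription-wide MDE integration, otherwise Defender for Cloud keeps
#    auto-onboarding every VM regardless of the policy scope. 'WDATP' is assumed to be the
#    integration setting name; confirm with Get-AzSecuritySetting.
Set-AzSecuritySetting -SettingName 'WDATP' -Enabled $false

# 2. Resolve the built-in DeployIfNotExists policy by the display name quoted in the reply.
#    Older Az.Resources exposes DisplayName under .Properties, newer versions flatten it.
$displayName = '[Preview]: Deploy Microsoft Defender for Endpoint agent on Windows virtual machines'
$definition  = Get-AzPolicyDefinition -Builtin |
    Where-Object { $_.Properties.DisplayName -eq $displayName -or $_.DisplayName -eq $displayName }
if (-not $definition) { throw "Policy definition '$displayName' not found" }

# 3. Assign at subscription scope but carve out the resource group to leave alone.
#    -NotScope is the exclusion; a DeployIfNotExists policy needs a managed identity to
#    install the extension (use -AssignIdentity instead of -IdentityType on older Az.Resources).
$assignmentName = 'deploy-mde-windows'
$assignment = New-AzPolicyAssignment -Name $assignmentName `
    -DisplayName 'Deploy MDE agent on Windows VMs, excluding rg-no-mde' `
    -PolicyDefinition $definition -Scope $subScope -NotScope $excludedRg `
    -IdentityType SystemAssigned -Location $location

# Grant the assignment's identity the role the policy's deployment needs (assumed to be
# Virtual Machine Contributor; the exact roleDefinitionIds are listed in the policy rule).
Start-Sleep -Seconds 30   # give the new service principal time to replicate before the role assignment
New-AzRoleAssignment -ObjectId $assignment.Identity.PrincipalId `
    -RoleDefinitionName 'Virtual Machine Contributor' -Scope $subScope | Out-Null

# 4. DeployIfNotExists only fires on create/update; kick off a remediation for VMs that already exist.
$assignmentId = "$subScope/providers/Microsoft.Authorization/policyAssignments/$assignmentName"
Start-AzPolicyRemediation -Name 'remediate-mde-windows' -PolicyAssignmentId $assignmentId

# 5. Check: list which VMs carry the MDE extension (assumed publisher/type for the Windows agent).
Get-AzVM | ForEach-Object {
    $ext = Get-AzVMExtension -ResourceGroupName $_.ResourceGroupName -VMName $_.Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Publisher -eq 'Microsoft.Azure.AzureDefenderForServers' -and $_.ExtensionType -eq 'MDE.Windows' }
    [pscustomobject]@{ VM = $_.Name; ResourceGroup = $_.ResourceGroupName; MdeAgent = [bool]$ext }
} | Format-Table -AutoSize
```

Note that, as the replies in this thread point out, this only controls which machines get the MDE agent; every VM in the subscription is still billed under the Defender for Servers plan. Repeat step 3 for the Linux and Arc variants of the policy if those machine types are in scope, and expect the remediation task rather than the assignment itself to be what installs the extension on pre-existing VMs.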
    •
      Carlos_Barragan
      Copper Contributor

      Hello everyone, I would like to see if we can already specify the virtual machines that we want to apply Defender to, or are all the virtual machines of the subscription still selected? @StanislavBelov

      •
        StanislavBelov
        Microsoft
        Defender for Servers still can only be enabled at the subscription level.
    •
      Jonhed
      Iron Contributor

      StanislavBelov 

      Does this mean the MDE integration is not required from a license standpoint?

      Also, what kind of a delay would one be looking at, from resources being added to the policy scope until the extension is deployed?
