Forum Discussion
Owner role required to install MS Defender for Cloud on Azure VMs
MicrosoftCiyaresh not sure if understood correctly, adding the reference for roles and allowed actions in Defender for Cloud: roles-and-allowed-actions . hope that's help.
My problem:
We have had many VMs deployed on Azure prior to getting the Cloud Defender license. Now we have a policy that deploys the cloud defender agent to all new VMs. However, if you want to deploy the agent on existing VMs, you need to have a Owner role for that VM you are trying to deploy the agent on. Since we have a lot of VMs in different subscriptions/resource groups, it becomes a really tedious task trying to get Cloud Defender on all VMs, as first you need to become the "Owner" of that VM. A Security Administrator should be able to deploy a security tool to resources without being an Owner of that resource.