Forum Discussion
Azure defender for subset of services/resources
Hello Muhammad,
If you only mean VMs by "workload" then this one is answered very quickly 😉
https://docs.microsoft.com/nl-nl/azure/security-center/security-center-pricing#can-i-enable-azure-defender-for-servers-on-a-subset-of-servers-in-my-subscription
Hope this answers your question.
- muhammadhamza, Jan 19, 2021, Copper Contributor
Hi there,
I already read this article; it only talks about VMs. Our workload has lots of App Service plans, storage accounts, SQL servers, key vaults and many other resources. We have all of these resources for dev and prod under a single subscription. Can we somehow enable Azure Defender for a subset of these resources, like at RG level or anything like that, or even at resource level?
- StanislavBelov, Jan 19, 2021
Microsoft
Hi Muhammad,
There is no binary answer to your question. For certain resources (SQL, Storage accounts) Azure Defender currently can be (if you need granularity, assuming it is not enabled on the subscription) enabled at the resource level. For all other supported resource types you need to enable Defender at the subscription level to get the full benefit of it.
Also, it's probably not ideal to have both production and non-production resources in the same subscription from a manageability and security perspective. Please review: Subscription decision guide - Cloud Adoption Framework | Microsoft Docs
We are considering implementing more flexibility/options to include/exclude resources from the Defender coverage but don't have any ETA to share at the moment.
- CloudSec2021, Jan 29, 2021, Copper Contributor
Thank you. Even we are looking for exceptions, and it's good to know that there is a plan to have this feature incorporated.