Forum Discussion
johnkimu4
Aug 23, 2024Copper Contributor
Why not separate the Defender for Cloud roles from Azure resources RBAC roles
I am wondering why MS can't separate the Defender for Cloud roles from the Azure resources RBAC roles, similar to the separation implemented for Reservations and Cost Management + Billing?
Our Azure landing zone operates as a self-service solution, where subscription owners also serve as resource administrators within their specific subscriptions.
Consequently, I have encountered difficulties enforcing certain security features provided through the Defender for Cloud. Each time these features are enabled, some subscription administrators proceed to disable them.
No RepliesBe the first to reply