Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure defender for subset of services/resources

Copper Contributor

Hi There,

I am new to ASC. I enabled azure defender (trial) for my subscription and now want to only enable azure defender for my production workloads not the dev/test. We have all the workloads under same subscription. Is it possible to do that ? 

Thanks

Muhammad Hamza

4 Replies

Hello Muhammad,

If you only mean VM's by "workload" then this one is answered very quickly ;)

https://docs.microsoft.com/nl-nl/azure/security-center/security-center-pricing#can-i-enable-azure-de...

Hope this answers your question.

Hi There,
I already read this article, it only tells about VM, Our workload have lots of app service plans, storage accounts, SQL servers, key vaults and many other resources. we have all of these resources for dev and prod under a single subscription. Can we somehow enable azure defender for a subset of these resources like on RG level or anything like that or even at resource level ?

Hi Muhammad,

 

There is no binary answer to your question. For certain resources (SQL, Storage accounts) Azure Defender currently can be (if you need granularity, assuming it is not enabled on the subscription) enabled at the resource level. For all other supported resource types you need to enable Defender at the subscription level to get full benefit of it.

 

Also, it's probably not ideal to have both production and non-production resources in the same subscription from manageability and security perspective. Please review: Subscription decision guide - Cloud Adoption Framework | Microsoft Docs

 

We are considering implementing more flexibility/options to include/exclude resources from the defender coverage but don't have any ETA to share at the moment.

@Stanislav Belov 

 

Thank you . Even we are looking for exceptions and its good to know that there is a plan to have this features to be incorporated .