Jan 19 2021 02:26 AM
Hi There,
I am new to ASC. I enabled Azure Defender (trial) for my subscription and now want to only enable Azure Defender for my production workloads, not the dev/test. We have all the workloads under the same subscription. Is it possible to do that?
Thanks
Muhammad Hamza
Jan 19 2021 02:57 AM - edited Jan 19 2021 02:58 AM
Hello Muhammad,
If you only mean VMs by "workload" then this one is answered very quickly ;)
https://docs.microsoft.com/nl-nl/azure/security-center/security-center-pricing#can-i-enable-azure-de...
Hope this answers your question.
Jan 19 2021 03:04 AM
Jan 19 2021 10:08 AM - edited Jan 19 2021 02:30 PM
Hi Muhammad,
There is no binary answer to your question. For certain resources (SQL, Storage accounts) Azure Defender currently can be (if you need granularity, assuming it is not enabled on the subscription) enabled at the resource level. For all other supported resource types you need to enable Defender at the subscription level to get full benefit of it.
Also, it's probably not ideal to have both production and non-production resources in the same subscription from a manageability and security perspective. Please review: Subscription decision guide - Cloud Adoption Framework | Microsoft Docs
We are considering implementing more flexibility/options to include/exclude resources from the defender coverage but don't have any ETA to share at the moment.
Jan 29 2021 05:27 AM
Thank you. Even we are looking for exceptions and it's good to know that there is a plan to have these features incorporated.