cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
LIVE
Find out more
SOLVED

ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

Austin Ayers
Brass Contributor

‎Jun 03 2021 03:50 PM

‎Jun 03 2021 03:50 PM

ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

Good evening all!

I have have Azure defender for "SQL servers on machines" enabled on my primary Log Analytics workspace...

I have discovered that instances of SQL running on developer machines and other instances that I prefer not to monitor and be billed for in ASC have been included. I would prefer to stop "protecting" them and target only a specific set of SQL instances in my workspace...

 

Will "Solution targeting" within the SQLAdvancedThreatProtection and SQLVulnerabilityAssessment solutions within that workspace allow me to scope coverage and then eliminate the meter charges in Azure for the defender security services?

Is there an alternative approach I am missing?

 

Thank you for your time and consideration, and I think this product is AMAZING!

1,372 Views
0 Likes
5 Replies
Reply
5 Replies
Austin Ayers

‎Jun 07 2021 07:26 AM

‎Jun 07 2021 07:26 AM

Re: ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

to add additional clarification...  The machines that I would like to exclude from scope are connected to the ASC monitored workspace and not using the ARC agent.  I would prefer to leave the machines connected to the workspace while excluding them from the protection scope of Azure defender for "sql servers on machines".

0 Likes
Reply
best response confirmed by Austin Ayers (Brass Contributor)
mimakh

‎Jun 07 2021 09:45 AM

‎Jun 07 2021 09:45 AM

Solution

Re: ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

Hi Austin, thanks for your kind words!

Currently, there are two ways to target resources with a finer resolution than subscriptions:
1. using a custom workspace managing those resources separately
2. solution targetting
So in your case seems indeed that solution targeting is the best option.



1 Like
Reply
Austin Ayers

‎Jun 07 2021 12:05 PM

‎Jun 07 2021 12:05 PM

Re: ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

@mimakh  Thanks for your feedback... do you know, would it be BOTH solution related to SQL within the workspace?

 

Preview file
19 KB
0 Likes
Reply
Austin Ayers

‎Jun 09 2021 06:40 AM

‎Jun 09 2021 06:40 AM

Re: ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

Marked @mimakh as best response though it would be helpful for confirmation on my latest question, and might be helpful if the response were documented. ie: which solutions should be targeted so as to avoid the "protection" and "assessment".
0 Likes
Reply
DavidTrigano

‎Jun 10 2021 06:24 PM - edited ‎Jun 10 2021 06:27 PM

‎Jun 10 2021 06:24 PM - edited ‎Jun 10 2021 06:27 PM

Re: ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection?

Hi Austin,

To avoid "protection" you should target SQLATP, for "assessment" SQLVA should be targeted. Please note that if you want to stop protecting your machines, you will have to target both solutions, as they are related to Azure Defender for SQL,

1 Like
Reply