Defender and Plans



What is considered before enabling the various Microsoft Defender plans? Enable all by resource type, or enable the specific ones (what your subscription contains)?


There is no cost if you, e.g., enable the 'Containers plan' and you don't have any containers deployed in the subscription?

What happens on the subscription level when enabling the containers plan? 

2 Replies
You are only charged for resources being used and protected. It's recommended to enable all Defender plans to make sure that when new resources get provisioned, Defender for Cloud will start monitoring and protecting them right away.

Defender for Containers internals are very well documented here:

What happens on the single VM when enabling the Defender for Servers plan? - and if auto provision is disabled?

The recommendation/best practice is to enable all Defender plans, but when auto provision is enabled a lot of managed identities get created (e.g. enabling containers). Is there a way to "avoid" all/some of these managed identities, as it is possible to use the authentication tokens from a compromised managed identity?