cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Find out more
SOLVED

Microsoft Azure Defender for Cloud Regulatory Compliance

spintov
Copper Contributor

‎Jun 16 2022 09:22 AM

‎Jun 16 2022 09:22 AM

Microsoft Azure Defender for Cloud Regulatory Compliance

  1. Could you configure Microsoft Defender to monitor regulatory compliance by resource group (default) instead of by subscription level? Is this possible?
    1. All documentation on this points out that it's by subscription level (default) and management group. You can set default policy, edit/create custom initiatives, and enable/disable regulations/standard on settings. 
Labels:
1,570 Views
0 Likes
3 Replies
Reply
3 Replies
Ash_Gardiner

‎Jun 16 2022 02:55 PM

‎Jun 16 2022 02:55 PM

Re: Microsoft Azure Defender for Cloud Regulatory Compliance

Hi Spintov,
Yes. In the Azure portal, if you navigate to the Resource Group, you can select "Policies" and from there you can "Assign Initiative" There are initiatives that correspond to various regulations and standards. Select the one you want and assign it.

Thanks, Ash
0 Likes
Reply
spintov

‎Jun 21 2022 12:12 PM

‎Jun 21 2022 12:12 PM

Re: Microsoft Azure Defender for Cloud Regulatory Compliance

@Ash_Gardiner Hi Ash, thanks! When I go to The Regulatory compliance dashboard, how can can I select only the resorce groups I want to see? If my subscription has several resource groups but I only want it to assess specific resource groups. At the moment is applied by subscription level, how can I change it to by ResourceGroup? I know I can run a workbook and select only to be applied to the ResourceGroup I want to take data from but I need to be able to use the Regulatory compliance dashboard as well. I wonder if by taking the other RS groups from having Defender analyzing the initiative against it, if it would drop them from that tab?

0 Likes
Reply
best response confirmed by spintov (Copper Contributor)
Ash_Gardiner

‎Jun 21 2022 07:45 PM

‎Jun 21 2022 07:45 PM

Solution

Re: Microsoft Azure Defender for Cloud Regulatory Compliance

Hi @spintov,
You are correct that you can unassign the initiative at the Subscription level, which means at that point the assessments are happening at the RG level. If the initiative has not been assigned on RGs within the Subscription directly they should disappear from the compliance view because they are no longer in scope.
My initial answer was black and white - saying that what you wanted could be done and how to do it. The more real world answer is that I don't have customers who managed compliance at the RG level directly as it does not scale well. I've seen exceptions where only a couple of RG need PCI-DSS compliance but if you want to apply an initiative to many RG's individually it's not very fun unless they cascade from a parent Subscription. If workloads need to be subject to PCI-DSS compliance for example, one solution is to place those workloads in a dedicated subscription, maintaining the initiative at the subscription level.
Hopefully someone else in the community has another approach to recommend.
Thanks, Ash
1 Like
Reply