Apr 12 2021 04:18 AM
Hi Team,
I have a existing LA Workspace which I use for Sentinel, so the MMA is installed on our on-premise servers.
Now I would like to enable this workspace in Azure Defender, but I'll only want to add some of the servers in Azure Defender(paid version), is there any way to do this or do you need another workspace for the servers I would like to add to Azure Defender?
Apr 12 2021 09:56 AM
SolutionHi @khelbo
Even though it's possible to enable AzDefender for Servers at the workspace level, it's highly recommended to enable it at the subscription level, otherwise you won't get some additional features like JIT, Application controls, MDE, etc.
Azure Defender for servers - the benefits and features | Microsoft Docs
Also, its not currently possible to enable Defender for a subset of servers connected to ASC, this is something we are considering adding in the future.
Azure Security Center FAQ - data collection and agents | Microsoft Docs
Apr 21 2021 06:57 PM
Apr 12 2021 09:56 AM
SolutionHi @khelbo
Even though it's possible to enable AzDefender for Servers at the workspace level, it's highly recommended to enable it at the subscription level, otherwise you won't get some additional features like JIT, Application controls, MDE, etc.
Azure Defender for servers - the benefits and features | Microsoft Docs
Also, its not currently possible to enable Defender for a subset of servers connected to ASC, this is something we are considering adding in the future.
Azure Security Center FAQ - data collection and agents | Microsoft Docs