Setting Defender for Server Pricing Plan per resource + disable MDE auto-provision

Question

I have some question related Defender for server and the added ability to set the pricing plans on a resource level as well as outlined here: https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Powershell%20scripts/Defender%20for%20Servers%20on%20resource%20level/ResourceLevelPricingAtScale.ps1

I wonder about the following:

• I tested this with p1 plan on a VM and Defender for servers turned off completely in defender for cloud. Do I have P1 now activated on this VM? Is it possible to toggle settings for that VM related to the P1 settings or is that only possible when I also set the P1 plan to on, on the subscription level?
• Another usecase. If I set the P2 plan in Defender for Servers on a subscription level, and I set the P1 plan on a VM. How can I configure the settings of the P1 plan...as now I have only the P2 setting available in Cloud Defender.
• One last question related to auto-provisioning mde.linux and mde.windows. Can this be suppressed and delivered by policy? If so does the policy need addition data other than the deployment of the extension? I see in the cloud defender for servers detailed settings that I can turn "Endpoint Protection off", but this seems to do more than blocking the auto-provisioning off mde.linux or mde.windows.

Answer 1

Hi @BartDecker-8243 , settings are configured on the subscription and apply to machines that have Defender for Servers enabled. For P1, this is MDE  and MDVM integration, both of which also apply to P2. In other words, P1 doesn’t have settings that don’t apply to P2, so there is no per-resource configuration of settings. Just enable the plan on the resource level and settings will then automatically applied/inherited from the subscription.

Please let me know if you have any questions and I can help you further.

If this answer helps you please mark "Accept Answer" so other users can reference it.

Thank you,

James