Disable Microsoft Defender for Cloud for select virtual machines in Azure

Paul Nerie 266

I have several VMs running Windows 10/11 and Ubuntu in my Azure vnet and I really don't need them included in Microsoft Defender for Cloud.

I've done some searching and apparently there is no way to select which VMs are included in the service, it's an all-or-nothing affair.

However I a couple of articles that there might be a way to do this using API calls. Like the below:

https://www.seifbassem.com/blogs/posts/defender-for-servers-resource-level/

I've tried it out but it looks like it does not work. In the Inventory page the VMs are still tagged as 'On'.

I could be doing this wrong, maybe someone else has a better insight.

Thank in advance!

1 answer

Marcin Policht 13,175 Reputation points MVP

2024-05-02T02:05:51.7266667+00:00

This is available for Defender for Servers plans - it's documented and supported by Microsoft. Details at https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-servers-plan#enable-defender-for-servers-at-the-resource-level

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Please sign in to rate this answer.
Paul Nerie 266 Reputation points

2024-05-02T02:14:08.9766667+00:00

Hi Marcin, thanks. I also found that page and I believe the link in my post is the practical implementation to that. It doesn't work though, or at least cannot verify that it does. Inventory page shows the VM status is still 'On' and the cost analysis stays the same (like all VMs in my vnet are being billed).

Marcin Policht 13,175 Reputation points MVP

2024-05-02T03:35:34.75+00:00

Are you using P1 or P2? This affects the outcome - more at https://learn.microsoft.com/en-us/answers/questions/1656191/setting-defender-for-server-pricing-plan-per-resou

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Paul Nerie 266 Reputation points

2024-05-02T04:32:56.84+00:00

I am using P1. I'm sorry I'm new to this and I don't quite understand the info in the link you posted.
Do I need to uninstall something (or prevent installing something) for a VM not be included in Microsoft Defender for Cloud?
My main goal is not get charged for VMs that I don't need the service to be running in.
Thanks again!

Anveshreddy Nimmala 2,710 Reputation points Microsoft Vendor

2024-05-02T05:23:56.9166667+00:00

Hello Paul Nerie,

Sign in to the Azure portal.

Search for and select Microsoft Defender for Cloud.

In the Defender for Cloud menu, select Environment settings.

Select the subscription you are working , open settings

In settings select Defender plans and in it select cloud protection where you can off the servers off the defender plans for the services required.

Paul Nerie 266 Reputation points

2024-05-02T05:41:26.39+00:00

Hi Anveshreddy Nimmala,

Thank you, I've seen that. But for the Servers plan, it applies to all VMs. I need to exclude some VMs from it.

Or a way (like a configuration) where I don't get charged for a VM. P1 plan requires na agent to run, so if I don't install the agent (if that's possible), do I get billed for the VM?

Applying it to all VMs is expensive.

Paul Nerie 266 Reputation points

2024-05-02T06:19:50.2633333+00:00

Hi Anveshreddy Nimmala,

Thank you. I've seen that page, but the Server plan applies to all VMs, and even at P1 it is expensive.
If possible I would to exclude some VMs from the service.
If VMs can be excluded from the service, or there is a configuration that can be done so that a VM is not billed (not installing an agent for the P1 for example?), that's what I'm looking for. Anything that can save on this.

Paul Nerie 266 Reputation points

2024-05-02T06:20:40.0033333+00:00

Sorry for the duplicate answer, I thought the first one was not posted as it did not appear in the thread.
Sign in to comment

Share via

Disable Microsoft Defender for Cloud for select virtual machines in Azure

1 answer