Is it that you may have assigned the defender for server P2 plan at the subscription level? I would check this first and remove this assignment then apply P1 plan at the subscription level and granular apply P2 plan at the resource level so the inverse.
P1 and P2 Defender Plans are active at the same time and the same Azure Ressource
Hello,
We use a standard Microsoft Policy to activate Azure Defender for Servers P1 via tags on our Azure ARC Servers. The policy in question is "Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level) with the selected tag" (Policy ID: 9e4879d9-c2a0-4e40-8017-1a5a5327c843).
Currently, after assigning the tag, the remediation task does not start automatically. To address this, we trigger the remediation via Azure Automation. However, we are encountering an issue where both the P1 and P2 plans become active for all targeted resources, leading to billing for both plans simultaneously.
We have two questions:
- Is there a way to disable the Defender for Servers P2 pricing tier when enabling the P1 plan to avoid being billed for both plans?
- Is it possible to trigger the remediation task automatically after the policy gets assigned?
Thanks Andy
2 answers
Sort by: Most helpful
-
-
Alan La Pietra (CSA) 80 Reputation points Microsoft Employee
2024-05-27T08:07:06.8666667+00:00 also at Workspace level. When you go into MDC in Environment Settings, select Plans. In there you have to expand Management Group to find Subscriptions and under each Workspaces.
As @Hexary already stated you could have it assigned there