Quickstart: Enable enhanced security features

Get started with Defender for Cloud by using its enhanced security features to protect your hybrid and multicloud environments.

In this quickstart, you'll learn how to enable the enhanced security features by enabling the different Defender for Cloud plans through the Azure portal.

To learn more about the benefits of enhanced security features, see Microsoft Defender for Cloud's enhanced security features.

Prerequisites

Enable enhanced security features from the Azure portal

To enable all Defender for Cloud features including threat protection capabilities, you must enable enhanced security features on the subscription containing the applicable workloads.

If you only enable Defender for Cloud at the workspace level, Defender for Cloud won't enable just-in-time VM access, adaptive application controls, and network detections for Azure resources. In addition, the only Microsoft Defender plans available at the workspace level are Microsoft Defender for Servers and Microsoft Defender for SQL servers on machines.

Note

  • You can enable Microsoft Defender for Storage accounts at either the subscription level or resource level.
  • You can enable Microsoft Defender for SQL at either the subscription level or resource level.
  • You can enable Microsoft Defender for open-source relational databases at the resource level only.

You can protect an entire Azure subscription with Defender for Cloud's enhanced security features and the protections will be inherited by all resources within the subscription.

To enable enhanced security features on one subscription:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. From Defender for Cloud's main menu, select Environment settings.

  4. Select the subscription or workspace that you want to protect.

  5. Select Enable all to enable all of the plans for Defender for Cloud.

    Screenshot of the Defender for Cloud's pricing page in the Azure portal.

  6. Select Save.

To enable enhanced security on multiple subscriptions or workspaces:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. From Defender for Cloud's menu, select Getting started.

    The Upgrade tab lists subscriptions and workspaces eligible for onboarding.

    Screenshot of the upgrade tab of the getting started page.

  4. Select the desired subscriptions and workspace from the list.

  5. Select Upgrade.

    Screenshot that shows where the upgrade button is located on the screen.

    Note

    • If you select subscriptions and workspaces that aren't eligible for trial, the next step will upgrade them and charges will begin.
    • If you select a workspace that's eligible for a free trial, the next step will begin a trial.

Customize plans

Certain plans allow you to customize your protection.

You can learn about the differences between the Defender for Servers plans to help you choose which one you would like to apply to your subscription.

Defender for Databases allows you to select which type of resources you want to protect. You can learn about the different types of protections offered.

Defender for Containers is available on hybrid and multicloud environments. You can learn more about the enablement process for Defender for Containers for each environment type.

Disable enhanced security features

If you choose to disable the enhanced security features for a subscription, you'll just need to change the plan to Off.

To disable enhanced security features:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. From Defender for Cloud's menu, select Environment settings.

  4. Select the relevant subscriptions and workspaces.

  5. Find the plan you wish to turn off and select Off.

    Screenshot that shows you how to enable or disable Defender for Cloud's enhanced security features.

    Note

    After you disable enhanced security features - whether you disable a single plan or all plans at once - data collection may continue for a short period of time.

Next steps

Now that you've enabled enhanced security features, enable the necessary agents and extensions to perform automatic data collection as described in auto provisioning agents and extensions.