Enabling Defender for Cloud for Azure Subscriptions
I’m unclear about how the enablement works if there hasn’t been any subscription in the tenant that has previously used Microsoft Defender for Cloud (MDC) despite having read through Connect Azure subscription and Enabling Microsoft Defender for Cloud.
The documentation specifies: First sign in to the portal and then open Defender for Cloud. Defender for Cloud is now enabled on your subscription and you have access to the basic features (= Foundational CSPM).
The subscription filter of the Azure portal defaults to all subscriptions of the current Entra ID directory. So when accessing MDC, there is no such thing as “your subscription”.
Imagine a new and pristine directory with a pristine subscription. Is MDC already enabled after creating the directory and the subscription?
If yes, then the documentation should state that Foundational CSPM is enabled by default and no enablement is needed.
If not, what happens when I navigate to MDC on the Azure portal (https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/)? Does it enable MDC for all current and future subscriptions (since there is no particular subscription “selected” when doing this)? What Azure/directory roles are required to do this? Can I trigger this action via API? How can I find out if someone already initiated this activation?
Based on my tests in my own environment, it appears that Foundational CSPM is automatically activated on new subscriptions without ever navigating to MDC. The basic CSPM features are enabled shortly after creating a new subscription, the ASC default Azure Policy initiative is automatically assigned and MDC assesses the subscription.
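One way to answer "how can I find out if someone already initiated this activation" from the command line is to export the subscription's Defender plan tiers and policy assignments and check them. The script below is an added example, not code from the original post or from Microsoft; it assumes the JSON shapes produced by `az security pricing list -o json` (a `value` list of plans with a `pricingTier`) and `az policy assignment list -o json` (a list of assignments with `name`, `displayName`, `scope`), embeds constructed samples of both, and assumes the default MDC initiative assignment is named `SecurityCenterBuiltIn`.

```python
import json

# Constructed sample in the assumed shape of `az security pricing list -o json`.
# "Free" tiers correspond to Foundational CSPM; "Standard" means a paid Defender plan.
PRICING_JSON = json.dumps({
    "value": [
        {"name": "VirtualMachines", "pricingTier": "Free"},
        {"name": "StorageAccounts", "pricingTier": "Free"},
        {"name": "CloudPosture", "pricingTier": "Free"},
        {"name": "Containers", "pricingTier": "Standard"},
    ]
})

# Constructed sample in the assumed shape of `az policy assignment list -o json`.
ASSIGNMENTS_JSON = json.dumps([
    {"name": "SecurityCenterBuiltIn",
     "displayName": "Microsoft cloud security benchmark",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"name": "tag-governance",
     "displayName": "Require cost-center tag",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
])

# Assumed name of the default initiative assignment that MDC creates on a subscription.
DEFAULT_ASSIGNMENT_NAME = "SecurityCenterBuiltIn"


def plan_tiers(pricing_json: str) -> dict:
    """Map each Defender plan name to its pricing tier."""
    data = json.loads(pricing_json)
    return {plan["name"]: plan["pricingTier"] for plan in data.get("value", [])}


def paid_plans(pricing_json: str) -> list:
    """Names of plans set to Standard, i.e. paid plans beyond Foundational CSPM."""
    return sorted(name for name, tier in plan_tiers(pricing_json).items()
                  if tier == "Standard")


def default_initiative_assigned(assignments_json: str,
                                name: str = DEFAULT_ASSIGNMENT_NAME) -> bool:
    """True if the default MDC initiative assignment appears at any listed scope."""
    return any(a.get("name") == name for a in json.loads(assignments_json))


def enablement_report(pricing_json: str, assignments_json: str) -> dict:
    """Summarise what the two listings say about Defender for Cloud on a subscription."""
    tiers = plan_tiers(pricing_json)
    paid = paid_plans(pricing_json)
    return {
        "plans_listed": len(tiers),
        "default_initiative_assigned": default_initiative_assigned(assignments_json),
        "paid_plans": paid,
        # Plans listed but none on Standard: the Foundational-CSPM-only state the post describes.
        "foundational_only": bool(tiers) and not paid,
    }


if __name__ == "__main__":
    print(json.dumps(enablement_report(PRICING_JSON, ASSIGNMENTS_JSON), indent=2))
```

Running it against real output (replace the two constants with the captured JSON) tells you whether anyone has moved a plan to Standard and whether the default initiative assignment is present, which is the visible trace of a subscription having been picked up by MDC.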