Email: helpdesk@telkomuniversity.ac.id

This Portal for internal use only!

All Categories

All Categories

Search

0 Wishlist

Cart

Categories
More Categories Less Categories

iconTicket Service Desk

All Categories

All Categories

Search

0 Wishlist

Cart

Menu
Home/Microsoft/Excluding machines from agentless scanning for machines at scale

Excluding machines from agentless scanning for machines at scale

/ 2024-09-25
Excluding machines from agentless scanning for machines at scale
Microsoft

We can configure the exclusion of machines based on tags in the environment settings under Defender plans > Settings & monitoring at the subscription level. This process is detailed in the documentation.

 

However, configuring the exclusion of certain tags for all subscriptions at scale is not straightforward. Neither the Configure Microsoft Defender for Servers plan nor the Configure Microsoft Defender CSPM plan Azure Policy provides such a parameter.

 

The following PowerShell command works: 

Set-AzSecurityPricing -Name “CloudPosture” -PricingTier “Standard” -Extension ‘[{“name”:”SensitiveDataDiscovery”,”isEnabled”:”True”,”additionalExtensionProperties”:null},{“name”:”ContainerRegistriesVulnerabilityAssessments”,”isEnabled”:”True”,”additionalExtensionProperties”:null},{“name”:”AgentlessDiscoveryForKubernetes”,”isEnabled”:”True”,”additionalExtensionProperties”:null},{“name”:”AgentlessVmScanning”,”isEnabled”:”True”,”additionalExtensionProperties”:{“ExclusionTags”:”[{“key”:”Microsoft”,”value”:”Defender”},{“key”:”For”,”value”:”Cloud”}]”}}]’

 

Is directly calling the Azure Resource Manager API (e.g. via Az PowerShell) for every subscription or creating a custom Azure Policy definition the only option? Would be great if this is supported by the built-in policy definition.

 

​We can configure the exclusion of machines based on tags in the environment settings under Defender plans > Settings & monitoring at the subscription level. This process is detailed in the documentation. However, configuring the exclusion of certain tags for all subscriptions at scale is not straightforward. Neither the Configure Microsoft Defender for Servers plan nor the Configure Microsoft Defender CSPM plan Azure Policy provides such a parameter. The following PowerShell command works:  Set-AzSecurityPricing -Name “CloudPosture” -PricingTier “Standard” -Extension ‘[{“name”:”SensitiveDataDiscovery”,”isEnabled”:”True”,”additionalExtensionProperties”:null},{“name”:”ContainerRegistriesVulnerabilityAssessments”,”isEnabled”:”True”,”additionalExtensionProperties”:null},{“name”:”AgentlessDiscoveryForKubernetes”,”isEnabled”:”True”,”additionalExtensionProperties”:null},{“name”:”AgentlessVmScanning”,”isEnabled”:”True”,”additionalExtensionProperties”:{“ExclusionTags”:”[{“key”:”Microsoft”,”value”:”Defender”},{“key”:”For”,”value”:”Cloud”}]”}}]’ Is directly calling the Azure Resource Manager API (e.g. via Az PowerShell) for every subscription or creating a custom Azure Policy definition the only option? Would be great if this is supported by the built-in policy definition.   Read More

Tags:

Related posts

Microsoft introduces new adapted AI models for industry
2024-11-13

Microsoft introduces new adapted AI models for industry

IDC’s 2024 AI opportunity study: Top five AI trends to watch
2024-11-13

IDC’s 2024 AI opportunity study: Top five AI trends to watch

How real-world businesses are transforming with AI
2024-11-13

How real-world businesses are transforming with AI

Leave a Reply

Your email address will not be published. Required fields are marked *

Adobe
Google for Education
IBM
Matlab
Microsoft
Wordpress
Visual Paradigm
Opensource

Portal Application Package Repository Telkom University, for internal use only, empower civitas academica in study and research.

Information

Contact Us

Copyright © Telkom University. All Rights Reserved. ch