You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The policy assignment "Deploy-MDFC-Config", which assigns the initiative with the same name, lets us define a number of parameters for the Microsoft Defender for Cloud configuration. However, it doesn't let us choose a number of things that are configurable in Defender.
For instance, in Microsoft Defender for Servers, one have the possibility to select the SKU, but based on the built-in policy, subplan is not set nor defined, which enforces subplan P2 to be used as it is the recommended option, i.e. "Microsoft Defender for Servers Plan 2". Wishing for an enhancement such that one can choose subplan P1, which in turn corresponds to "Microsoft Defender for Servers Plan 1".
Another great example and room for improvement is the multiple options you have inside the monitoring coverage. A recent update in this repo brought in "Vulerability assessment for machines" through setting the vulnerabilityAssessmentProvider to mdeTvm, but didn't cover the other components (Log Analytics agent, Endpoint Protection, and Agentless scanning for machines).
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The policy assignment "Deploy-MDFC-Config", which assigns the initiative with the same name, lets us define a number of parameters for the Microsoft Defender for Cloud configuration. However, it doesn't let us choose a number of things that are configurable in Defender.
For instance, in Microsoft Defender for Servers, one have the possibility to select the SKU, but based on the built-in policy, subplan is not set nor defined, which enforces subplan P2 to be used as it is the recommended option, i.e. "Microsoft Defender for Servers Plan 2". Wishing for an enhancement such that one can choose subplan P1, which in turn corresponds to "Microsoft Defender for Servers Plan 1".
Another great example and room for improvement is the multiple options you have inside the monitoring coverage. A recent update in this repo brought in "Vulerability assessment for machines" through setting the vulnerabilityAssessmentProvider to mdeTvm, but didn't cover the other components (Log Analytics agent, Endpoint Protection, and Agentless scanning for machines).
When can we expect such enhancements?
Beta Was this translation helpful? Give feedback.
All reactions