Protect resources that report to a Log Analytics workspace
Defender for Cloud utilizes Log Analytics workspaces, both default and custom, to collect and analyze data from your connected resources. To protect your resources, you can enable specific Defender for Cloud plans on both the subscription level or on specific workspaces that have resources that report to that Log Analytics workspace.
The available plans that you can enable on a Log Analytics workspace level are:
- Foundational CSPM (enabled by default and nonconfigurable)
- Defender for Servers
- Defender for SQL servers on machines
Important
We recommend you enable the SQL servers on machines plan using the Azure Monitoring Agent (AMA) auto provisioning on the subscription level, and not on the workspace level. When you enable the SQL servers on machines plan on the workspace level, it uses the deprecated Microsoft Monitoring Agent (MMA).
Prerequisites
You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can sign up for a free subscription.
You must enable Microsoft Defender for Cloud on your Azure subscription.
Connect your non-Azure machines, AWS account or GCP projects.
Review the Defender for Cloud pricing page.
Enable plans on a Log Analytics workspace
When you enable a plan on a Log Analytics workspace, you enable the plan for all the resources that report to that workspace.
Sign in to the Azure portal.
Search for and select Microsoft Defender for Cloud.
Select Environment settings.
Select the relevant workspace.
Enable a plan by toggling the switch to On.
Select Save.
Once you enable a plan on a workspace, the plan protects to all of the resources that report to that workspace.
