This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 67%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E0%3C/text%3E%3C/svg%3E)
Hello,
We use a standard Microsoft Policy to activate Azure Defender for Servers P1 via tags on our Azure ARC Servers. The policy in question is "Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level) with the selected tag" (Policy ID: 9e4879d9-c2a0-4e40-8017-1a5a5327c843).
Currently, after assigning the tag, the remediation task does not start automatically. To address this, we trigger the remediation via Azure Automation. However, we are encountering an issue where both the P1 and P2 plans become active for all targeted resources, leading to billing for both plans simultaneously.
We have two questions:
Thanks Andy
Is it that you may have assigned the defender for server P2 plan at the subscription level? I would check this first and remove this assignment then apply P1 plan at the subscription level and granular apply P2 plan at the resource level so the inverse.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 78%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
also at Workspace level. When you go into MDC in Environment Settings, select Plans. In there you have to expand Management Group to find Subscriptions and under each Workspaces.
As @Hexary already stated you could have it assigned there