Navigate Tag Policy Exceptions in Microsoft Defender for Cloud
    • 15 Aug 2024

    Understanding and managing tag policy exceptions in Microsoft Defender for Cloud is crucial for maintaining security posture while accommodating specific resource requirements. This procedure configures a tag-policy exception for Red Canary so that Red Canary can receive Microsoft Defender for Cloud alerts via the Azure integration. Follow the procedure from beginning to end.

    Azure Console

    1. In Azure, navigate to the Policy section from the Home page.

    2. Under Authoring, click Assignments.

    3. Identify and click the policies requiring tags. 

    Note: There are several approaches to completing the steps. Choose the option that best fits your configuration and process.

    Option 1 - Add an exemption

    1. Select the Create exemption tab. 

    2. Click the ellipsis next to Exemption scope.

    3. Under Exemption scope, click Resource Group and select RCAutomation for each subscription.

      Note: Ensure you add exemptions to all applicable subscriptions.

    4. Click Select.

    5. Click Review + save.
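
    Option 1 scripted with the Azure CLI, as an added example that is not part of the original article or Red Canary's own tooling: it creates the exemption on the RCAutomation resource group in each subscription you pass it and skips subscriptions that lack that resource group. The exemption name, the Waiver category and the description text are assumptions; the policy assignment ID and subscription IDs are supplied by you.

```shell
#!/bin/sh
# Added example (not from the article): script Option 1 with the Azure CLI.
# Usage: ./exempt.sh <policy-assignment-id> <subscription-id> [<subscription-id> ...]

RG_NAME="RCAutomation"                     # resource group named in the article
EXEMPTION_NAME="rcautomation-tag-exempt"   # assumption: any unique name works

# Create the exemption in one subscription.
# $1 = subscription ID, $2 = full resource ID of the tag policy assignment
exempt_subscription() {
  sub_id="$1"
  assignment_id="$2"

  # Skip subscriptions without the resource group so the loop can cover
  # every subscription without failing part-way through.
  if [ "$(az group exists --name "$RG_NAME" --subscription "$sub_id")" != "true" ]; then
    echo "skip $sub_id: no $RG_NAME resource group"
    return 0
  fi

  # Scope is the resource group only, not the whole subscription.
  # Category Waiver is an assumption; Mitigated is the other allowed value.
  az policy exemption create \
    --name "$EXEMPTION_NAME" \
    --policy-assignment "$assignment_id" \
    --exemption-category Waiver \
    --resource-group "$RG_NAME" \
    --subscription "$sub_id" \
    --description "Tag policy exemption for the RCAutomation resource group" \
    --output none && echo "exempted $sub_id"
}

# Apply the exemption to every subscription given after the assignment ID.
exempt_all() {
  assignment="$1"
  shift
  for sub in "$@"; do
    exempt_subscription "$sub" "$assignment" || return 1
  done
}

# Run only when called with an assignment ID and at least one subscription.
if [ "$#" -ge 2 ]; then
  exempt_all "$@"
fi
```

    Any subscription reported as skipped has no RCAutomation resource group and therefore received no exemption.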

    Option 2 - Edit an existing policy assignment

    1. Click Edit Assignment.

    2. Click the Exclusions ellipsis. This opens the Scope window.

    3. Add an exclusion for the RCAutomation Resource Group in each subscription.

    4. Click Save.

    5. Click Review + save.

    Option 3 - Add an exclusion that applies to the entire scope of the policy

    1. Expand the resource selectors, and under resourceType add a blanket exclusion for Microsoft.Security/automations.

    2. Save the policy assignment. Check the compliance report to ensure that the scope was not overly broad.

