This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 78%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hi
I would like to know if i can add a policy or somehow block turning off Azure Defender for Storage , Key vault etc.
@Mohammed Siyam (DevOn)
Thank you for your post!
When it comes to Azure Security Center, it uses Azure role-based access control (Azure RBAC), which provides built-in roles that can be assigned to users, groups, and services in Azure. In order to modify Security Policies or gain access to Azure Defender, the user will need to be a Security Admin, Owner, or Contributor of that subscription.
Since Azure Security Center is controlled via RBAC role assignments, you can block users from turning off Azure Defender by making sure they aren't assigned roles they don't need at the Subscription level.
How do permissions work in Azure Security Center?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
@Mohammed Siyam (DevOn)
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
Hi
I was able to add a policy that denies disabling azure defender for storage and key vault
@Mohammed Siyam (DevOn)
Thank you for following up on this and I'm glad that you were able to resolve your issue!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.