New Contributor

Hi folks,

 

The gist is that we have Azure Defender enabled at a Subscription level.  With that comes Advanced Threat Protection for Storage Accounts which is charged per transaction within those Storage Accounts.
 
We have four storage accounts out of 176 that are very highly transactional and the monthly billing for Advanced Threat Protection is close to $1,000.  They are internal storage accounts with very limited public exposure so we are not worried about threats within those transactions.  
 
Our ideal scenario would be to keep Defender enabled at the subscription level for all of our Storage accounts and all future storage accounts but not be billed for (or use) Advanced Threat Protection.  It seems like this cmdlet:
 
 
Should do the job, but it does not.  Either it does not disable ATP or it does not disable the billing.  In either of those cases it does not do what we need.
 
After 2.5 months or trying to work through it the only option I have been given is to disable Defender at the Subscription level for all of our Storage Accounts, and then re-enable the 172 storage accounts that we do want Defender for individually via PS.  That will and does work, but it will require overhead on our part to ensure they all stay enabled and that any future accounts are enabled by the creator and none get missed.  
 
Do we have any other avenues to suppress Advanced Threat Protection on a subset of accounts within a Subscription?  
www.000webhost.com