Defender for Cloud – Reset to free tier via PowerShell

Last Updated on May 2, 2024 by Michael Morten Sonne


Resetting Microsoft Defender for Cloud Configuration

Are you looking to streamline your testing process within Microsoft Defender for Cloud? Look no further!

Introducing a small PowerShell script designed to reset Defender for Cloud configuration to its default settings, ideal for testing environments and experimentation – the stuff we know as a “playground” in IT right? 🤪

This script simplifies the process of resetting Defender for Cloud settings, ensuring a clean slate for your testing scenarios. Whether you’re a Azure administrator or just getting started, this script offers a straightforward solution to manage Defender for Cloud configurations effectively.

Why reset Defender for Cloud

In the ever-evolving landscape of cloud security, having the ability to reset configurations to a known state is invaluable. With this script, you can easily revert Defender for Cloud settings to the Free tier, there will deactivate auto-provisioning and so and remove default log analytics workspaces. This ensures a consistent starting point for testing various security configurations and policies – or just to lower your cost 🫣

Key features and usage

This PowerShell script comes packed with features to enhance your testing workflow:

  • Flexibility: Target specific Management Groups or individual subscriptions with ease, thanks to customizable parameters.
  • Comprehensive reset: Reset Defender for Cloud plans, turn off auto-provisioning, and remove default log analytics workspaces in one go.
  • Simple Execution: Execute the script effortlessly, whether you’re performing routine maintenance or setting up test environments.

How to get started

Getting started with the script is a easy. Simply download or copy the script, provide the necessary Azure subscription details and ofc. the right permissions, and let it do the heavy lifting. Whether you’re resetting configurations for a single subscription or across multiple Management Groups, this script offers a seamless experience 😎

To see your current setup and configuration, go to the Microsoft Defender for Cloud blade or via the direct link here: Microsoft Defender for Cloud – Microsoft Azure

Under here, we have stuff like Environment settings where we setup the coverted types of assets under your selected Azure Subscription under Settings > Defender plans.

Overview over Defender for Cloud plans enabled for an Azure Subscription

Introducing the PowerShell script

The PowerShell script provided below is designed to remove Azure management groups based on a specified prefix and move all associated subscriptions to the root management group (default place). Before executing the script, ensure that you have the necessary permissions to delete management groups and move subscriptions.

How to use the script

  • Connect to Azure: Run Connect-AzAccount to authenticate and connect to your Azure account.
  • Prefix: Modify the prefix argument with the prefix of the management groups you want to delete.
  • Review Output: The script will display messages indicating the progress and completion of the reset process.
Reset Defender for Cloud on an Azure Subscription

The script

See the script is hosted on my public repo here:

Contributions and Feedback

I welcome contributions and feedback to enhance this script further. Feel free to explore the GitHub repository and share your insights.


In conclusion, resetting Defender for Cloud configurations with PowerShell opens up new possibilities for streamlining security testing workflows. With this script in your toolkit, you can ensure consistency, efficiency, and reliability in managing Defender for Cloud settings.

Ready to take your Azure security testing to the next level? Download the script today and experience the convenience firsthand.

Thank you for taking the time to visit my blog. Kindly share it with others if you find it helpful for them! 😉🔐👍

Stay tuned for the new post about something cool! 🥳


Get-AzManagementGroup (Az.Resources) | Microsoft Learn

Get-AzSecurityWorkspaceSetting (Az.Security) | Microsoft Learn

Get-AzSecurityPricing (Az.Security) | Microsoft Learn

Get-AzSecurityAutoProvisioningSetting (Az.Security) | Microsoft Learn

Remove-AzSecurityWorkspaceSetting (Az.Security) | Microsoft Learn

Get-AzSecurityWorkspaceSetting (Az.Security) | Microsoft Learn

Previous Article

Introducing Azure DevOps Backup Tool Enhanced security, optimization and bug fixes!

Next Article

Entra ID - Exploring the new feature: What's New

Related Posts

Discover more from Sonne´s Cloud

Subscribe now to keep reading and get access to the full archive 🤝🧑‍💻

Join 20 other subscribers