azurerm_security_center_subscription_pricing auto-enables OnUploadMalwareScanning extension with DefenderForStorageV2 subplan

[PeterBennink]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.7

AzureRM Provider Version

3.114.0

Affected Resource(s)/Data Source(s)

azurerm_security_center_subscription_pricing

Terraform Configuration Files

resource "azurerm_security_center_subscription_pricing" "ms_defender" {
  tier          = "Standard"
  resource_type = "StorageAccounts"
  subplan       = "DefenderForStorageV2"

  extension {
    name = "SensitiveDataDiscovery"
  }
}

Debug Output/Panic Output

n/a, they apply succeeds

Expected Behaviour

I would expect my subscription to be set to the new Defender for Storage plan, with SensitiveDataDiscovery enabled

Actual Behaviour

My subscription gets set to the new Defender for Storage plan, with SensitiveDataDiscovery and OnUploadMalwareScanning enabled. I don't want to use this feature, but I don't really have a way to disable it, because I can't explicitly disable it in Terraform, if I add it as an extension block it will also get enabled, at that point I can only tweak CapGBPerMonthPerStorageAccount.

Steps to Reproduce

Nothing to add to above information.

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/azurerm/3.114.0/docs/resources/security_center_subscription_pricing