Learn how to enable or disable Quarantine Policy and understand the implications thereof on your workload VMs.

NSX Cloud uses public cloud security groups for threat detection. For example, when Quarantine Policy is enabled, if NSX agent is forcibly stopped on a managed VM with malicious intent, the compromised VM is quarantined using the quarantine (in Microsoft Azure) or default (in AWS) security group.

General Recommendation:

Start with disabled for Brownfield deployments: Quarantine Policy is disabled by default. When you already have VMs set up in your public cloud environment, use the disabled mode for Quarantine Policy until you onboard your workload VMs. This ensures that your existing VMs are not automatically quarantined.

Start with enabled for Greenfield deployments: For greenfield deployments, it is recommended that you enable Quarantine Policy to allow threat detection for your VMs to be managed by NSX Cloud.
Note: When Quarantine Policy is enabled, apply the vm_override_sg on workload VMs to be able to onboard them and then remove this security group after they are managed by NSX Cloud. Appropriate security groups are applied to the VMs within two minutes.