Microsoft Defender for Cloud in Azure - Time & Space Complexity

We want to understand how the time to scan and protect resources grows as we add more resources in Microsoft Defender for Cloud.

How does the number of resources affect the work Defender for Cloud does?

Analyze the time complexity of the following operation sequence.

// Enable Microsoft Defender for Cloud on subscription
az security auto-provisioning-setting update --name default --auto-provision "On"

// Defender scans each resource for threats
foreach (resource in subscription.resources) {
  scan(resource);
}

// Generate security alerts based on scans
alerts = generateAlerts(subscription.resources);

This sequence enables Defender, scans all resources, and creates alerts for any issues found.

Identify the API calls, resource provisioning, data transfers that repeat.

• Primary operation: Scanning each resource for security threats.
• How many times: Once per resource in the subscription.

As the number of resources grows, Defender scans each one individually, so the total work grows directly with the number of resources.

Input Size (n)	Approx. Api Calls/Operations
10	10 scans
100	100 scans
1000	1000 scans

Pattern observation: The number of scans grows linearly as resources increase.

Time Complexity: O(n)

This means the time to scan grows directly in proportion to the number of resources.

[X] Wrong: "Defender scans all resources instantly, so time does not increase with more resources."

[OK] Correct: Each resource must be checked individually, so more resources mean more scanning work and longer time.

Understanding how scanning time grows helps you design secure cloud environments that scale well and stay protected as they grow.

"What if Defender used parallel scanning for resources? How would the time complexity change?"