Enable Automatic Provisioning of Microsoft Defender for Containers Components

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: SecurityCenter-040

Ensure that the Defender for Containers security components are automatically provisioned to your Azure container resources through Microsoft Defender for Cloud, so that the security of your Azure Kubernetes Service (AKS) clusters and the applications running on them is monitored, improved, and maintained continuously. Two components are currently available. The Defender DaemonSet is the cluster-level agent required for the runtime protection and threat-detection capabilities that Defender for Containers provides. Azure Policy for Kubernetes is the admission-control component required to enforce organizational standards and implement compliance at scale across AKS clusters. When automatic provisioning is on, Defender for Cloud deploys these components to every supported cluster in the subscription, including clusters created later, instead of relying on each cluster owner to install them by hand.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security

To protect against threats and vulnerabilities and keep your Azure container workloads operating safely, the components provided by Microsoft Defender for Containers give you vulnerability assessment, runtime threat protection for container resources, and overall security hardening of the container environment. Automatic provisioning matters because a cluster that lacks the DaemonSet produces no runtime alerts and a cluster that lacks the Azure Policy add-on enforces none of your admission rules, so coverage gaps are silent unless the components are pushed out by the subscription rather than opted into per cluster.

Note: To use the automatic provisioning of security components, the Microsoft Defender for Containers plan must be enabled for the subscription in Microsoft Defender for Cloud; the component toggles described below are part of that plan's settings and are not available while the plan is off.


Audit

To determine if the automatic provisioning of Microsoft Defender for Containers components is enabled in your Azure account, perform the following operations:

Note: Getting the configuration status for the automatic provisioning feature in Microsoft Defender for Cloud using Azure CLI/PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to Microsoft Defender for Cloud blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/0.

03 In the main navigation panel, under Management, choose Environment settings.

04 Click on the name (link) of the Azure subscription that you want to examine.

05 In the navigation panel, under Settings, choose Defender plans to access the Microsoft Defender for Cloud plans available for the selected subscription.

06 For the Containers plan, click the Settings > link in the Monitoring coverage column to open the list of Defender for Cloud components available for container resources.

07 Check the configuration status for each supported security component, available in the Status column. If the configuration status for one or more security components is set to Off, the automatic provisioning of Microsoft Defender for Containers components is not enabled within the selected Azure subscription.

08 Repeat step no. 4 – 7 for each Microsoft Azure subscription available within your cloud account.

Remediation / Resolution

To ensure that all the Microsoft Defender for Containers components are enabled for your Azure containers, perform the following operations:

Note: Enabling the automatic provisioning of the Defender for Containers components using Azure CLI/PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to Microsoft Defender for Cloud blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/0.

03 In the main navigation panel, under Management, choose Environment settings.

04 Click on the name (link) of the Azure subscription that you want to configure.

05 In the navigation panel, under Settings, choose Defender plans to access the Microsoft Defender for Cloud plans available for the selected subscription.

06 For the Containers plan, click the Settings > link in the Monitoring coverage column to open the list of Defender for Cloud components available for container resources.

07 Choose On for every security component listed in the Component column to enable the automatic provisioning feature for your Azure container resources.

08 Select Continue from the blade top menu and choose Save to apply the changes.

09 Repeat step no. 4 – 8 for each Microsoft Azure subscription available within your cloud account.
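The Audit and Remediation procedures above check and set the subscription-level toggles in the portal; they do not tell you whether the components actually landed on each cluster. The script below is an added example, not Conformity's or Microsoft's code, that covers the complementary per-cluster view for both procedures: it reads the JSON that `az aks list -o json` returns, reports for every AKS cluster whether the Defender profile (the DaemonSet) and the Azure Policy add-on are enabled, and prints the per-cluster `az aks` commands that would switch on whatever is missing. It checks the `securityProfile.defender.securityMonitoring.enabled` and `addonProfiles.azurepolicy.enabled` properties of the managed cluster resource. The embedded cluster list is constructed sample data trimmed to the fields the check reads; the cluster names and resource groups are hypothetical, and passing `--live` replaces the sample with real `az` output (which assumes a logged-in Azure CLI). The printed per-cluster commands are not the auto-provisioning toggle itself; they are the direct per-cluster equivalents you would use to close a gap on an individual cluster.

```python
"""Per-cluster audit of the Defender for Containers components on AKS.

Added example (not Conformity's or Microsoft's code). Evaluates the output of
`az aks list -o json` and emits remediation commands for non-compliant clusters.
"""
import json
import subprocess
import sys

# Constructed sample in the shape of `az aks list -o json`, trimmed to the
# fields this check reads. Names and resource groups are hypothetical.
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "aks-prod-01", "resourceGroup": "rg-prod",
   "securityProfile": {"defender": {"securityMonitoring": {"enabled": true}}},
   "addonProfiles": {"azurepolicy": {"enabled": true}}},
  {"name": "aks-dev-01", "resourceGroup": "rg-dev",
   "securityProfile": {"defender": {"securityMonitoring": {"enabled": false}}},
   "addonProfiles": {"azurepolicy": {"enabled": true}}},
  {"name": "aks-legacy", "resourceGroup": "rg-legacy",
   "securityProfile": null,
   "addonProfiles": null}
]
""")


def defender_enabled(cluster: dict) -> bool:
    """True when the Defender for Containers profile (the DaemonSet) is on.

    Older clusters return securityProfile as null, so every level is guarded.
    """
    profile = (cluster.get("securityProfile") or {}).get("defender") or {}
    return bool((profile.get("securityMonitoring") or {}).get("enabled"))


def azure_policy_enabled(cluster: dict) -> bool:
    """True when the Azure Policy for Kubernetes add-on is on."""
    addons = cluster.get("addonProfiles") or {}
    return bool((addons.get("azurepolicy") or {}).get("enabled"))


def evaluate_clusters(clusters: list) -> list:
    """Return one finding per cluster listing the components it is missing."""
    findings = []
    for cluster in clusters:
        missing = []
        if not defender_enabled(cluster):
            missing.append("defender")
        if not azure_policy_enabled(cluster):
            missing.append("azure-policy")
        findings.append({"name": cluster["name"],
                         "resourceGroup": cluster["resourceGroup"],
                         "missing": missing})
    return findings


def remediation_commands(findings: list) -> list:
    """Build the per-cluster az commands that enable the missing components.

    --enable-defender uses the region's default Log Analytics workspace unless
    --defender-config is supplied (assumption: the default is acceptable).
    """
    commands = []
    for finding in findings:
        target = f"--resource-group {finding['resourceGroup']} --name {finding['name']}"
        if "defender" in finding["missing"]:
            commands.append(f"az aks update {target} --enable-defender")
        if "azure-policy" in finding["missing"]:
            commands.append(f"az aks enable-addons {target} --addons azure-policy")
    return commands


def load_clusters(argv: list) -> list:
    """Use live `az aks list` output when --live is given, else the sample."""
    if "--live" in argv:
        result = subprocess.run(["az", "aks", "list", "-o", "json"],
                                check=True, capture_output=True, text=True)
        return json.loads(result.stdout)
    return SAMPLE_CLUSTERS


def main(argv: list) -> int:
    """Print a per-cluster status table and the remediation commands.

    Returns 1 when any cluster is missing a component, so the script can gate
    a pipeline; returns 0 when every cluster has both components.
    """
    findings = evaluate_clusters(load_clusters(argv))
    for finding in findings:
        status = "compliant" if not finding["missing"] else \
            "missing: " + ", ".join(finding["missing"])
        print(f"{finding['name']:<14} {status}")
    for command in remediation_commands(findings):
        print(command)
    return 1 if any(f["missing"] for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it without arguments to see the sample evaluated, or with `--live` against the subscription the Azure CLI is currently logged into. A non-zero exit means at least one cluster is uncovered even though the subscription-level toggles may read On; that is the case worth investigating, since it usually points at a cluster that was excluded from the provisioning scope or whose add-on was later removed by hand.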

Publication date Oct 18, 2022