Enable Agentless Discovery for Kubernetes

Risk Level: Medium (should be achieved)

Ensure that Agentless Discovery for Kubernetes is enabled for Microsoft Defender for Cloud in order to improve the security posture of your Kubernetes workloads.

Security

The Agentless Discovery for Kubernetes feature provides API-based discovery of Kubernetes clusters, their configurations, and deployments with a zero-footprint approach. This functionality is essential for agentless container posture management, as well as for conducting runtime vulnerability assessments and executing response actions.

Note: Agentless Discovery for Kubernetes is included in the following Microsoft Defender for Cloud plans: Defender CSPM and Containers.


Audit

To determine if Agentless Discovery for Kubernetes is enabled within the Microsoft Defender for Cloud settings for your Azure subscriptions, perform the following operations:

Note: Getting the configuration status for the Agentless Discovery for Kubernetes feature in Microsoft Defender for Cloud using Azure CLI/PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the Microsoft Defender for Cloud blade, available at https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0.

03 In the left navigation panel, under Management, choose Environment settings.

04 Choose Expand all under the filtering menu and click on the name (link) of the Azure subscription that you want to examine.

05 In the left navigation panel, under Settings, select Defender plans, and choose Settings and monitoring.

06 On the Settings & monitoring page, ensure that Defender plans is set to All, and check the configuration status of the K8S API access component, available in the Status column. If the On/Off toggle button in the Status column is inactive, the Agentless Discovery for Kubernetes feature is disabled across all the supported Defender plans. If the On/Off toggle button is active and the Status of the K8S API access component is set to Off, Agentless Discovery for Kubernetes is not enabled for Microsoft Defender for Cloud in the selected Azure subscription.

07 Repeat steps no. 4 – 6 for each Azure subscription available within your Microsoft Azure cloud account.
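The decision made in step 06, expressed as an added example that is not part of the original page: it evaluates a saved JSON document shaped like the pricings list of the Microsoft.Security REST API and reports, per plan, whether the toggle would be inactive, Off, or On. The plan names (`CloudPosture`, `Containers`), the extension name, the field names, the compliance rule, and the sample data are assumptions of this example.

```python
import json

# Assumed names from the Microsoft.Security pricings REST API (not from this page).
PLANS = ("CloudPosture", "Containers")  # Defender CSPM, Defender for Containers
EXTENSION = "AgentlessDiscoveryForKubernetes"


def audit_k8s_discovery(pricings_json: str) -> dict:
    """Map each relevant plan to 'plan-disabled', 'off' or 'on'."""
    plans = {p.get("name"): p.get("properties", {})
             for p in json.loads(pricings_json).get("value", [])}
    result = {}
    for plan in PLANS:
        props = plans.get(plan, {})
        # Portal toggle is inactive when the plan itself is not enabled.
        if str(props.get("pricingTier", "")).lower() != "standard":
            result[plan] = "plan-disabled"
            continue
        ext = next((e for e in props.get("extensions") or []
                    if e.get("name") == EXTENSION), None)
        # isEnabled is a string ("True"/"False"); a missing extension counts as off.
        enabled = ext is not None and str(ext.get("isEnabled", "")).lower() == "true"
        result[plan] = "on" if enabled else "off"
    return result


def is_compliant(result: dict) -> bool:
    """Rule chosen for this example: at least one plan is enabled and
    no enabled plan has the extension switched off."""
    states = list(result.values())
    return "on" in states and "off" not in states


# Constructed sample: Defender CSPM enabled with the extension off, Containers not enabled.
SAMPLE = json.dumps({"value": [
    {"name": "CloudPosture", "properties": {"pricingTier": "Standard", "extensions": [
        {"name": "AgentlessDiscoveryForKubernetes", "isEnabled": "False"}]}},
    {"name": "Containers", "properties": {"pricingTier": "Free"}},
]})

if __name__ == "__main__":
    r = audit_k8s_discovery(SAMPLE)
    print(r, "compliant" if is_compliant(r) else "non-compliant")
```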

Remediation / Resolution

To enable Agentless Discovery for Kubernetes within the Microsoft Defender for Cloud settings for your Azure subscriptions, perform the following operations:

Note: Enabling the Agentless Discovery for Kubernetes feature in Microsoft Defender for Cloud settings using Azure CLI/PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the Microsoft Defender for Cloud blade, available at https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0.

03 In the left navigation panel, under Management, choose Environment settings.

04 Choose Expand all under the filtering menu and click on the name (link) of the Azure subscription that you want to examine.

05 In the left navigation panel, under Settings, select Defender plans, and choose Settings and monitoring.

06 On the Settings & monitoring configuration page, perform the following actions:

  1. Ensure that Defender plans is set to All.
  2. Toggle the On/Off button from the Status column to enable the K8S API access component for Microsoft Defender for Cloud in the selected Azure subscription. If the On/Off toggle button is inactive, navigate back to the Defender plans page and enable the required Defender plans (i.e., Defender CSPM and/or Containers).
  3. Select Continue from the top menu to apply the configuration changes.
  4. Choose Save from the top menu to save the changes.

07 Repeat steps no. 4 – 6 for each Azure subscription created within your Microsoft Azure cloud account.

Publication date Feb 13, 2025