Description:

This control ensures that Microsoft Defender for Containers is enabled in your Azure environment. It provides continuous threat protection, vulnerability assessment, and security monitoring for containerized workloads running in Azure Kubernetes Service (AKS) and other container platforms, helping safeguard against attacks and misconfigurations.


Rationale:

Containers are widely used to deploy applications rapidly, but they introduce unique security risks. Enabling Defender for Containers allows real-time detection of vulnerabilities, configuration issues, and malware, reducing the risk of compromise and ensuring secure container operations.


Impact:

Enabling Defender for Containers may incur additional licensing costs and generate alerts that require investigation. Operational performance is minimally affected. The benefit is improved visibility, threat detection, and compliance for container workloads.


Default value:

Microsoft Defender for Containers is off by default in Azure subscriptions. It must be explicitly enabled for container security monitoring.


Pre-requisites:
 • You must have an Owner, Security Admin, or Contributor role
 • Microsoft Defender for Cloud is enabled
 • Container resources (AKS / ACR) exist
 • You are approved to enable paid plans


Test Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for and open Microsoft Defender for Cloud

  3. Under the Management section, select Environment settings

  4. Select the relevant subscription

  5. Under Settings, open Defender plans

  6. Under Cloud Workload Protection (CWPP), locate Microsoft Defender for Containers

  7. Verify Microsoft Defender for Containers is set to On

  8. If Microsoft Defender for Containers is not set to On, follow the implementation steps


Implementation Steps:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for and open Microsoft Defender for Cloud

  3. Under the Management section, select Environment settings

  4. Select the relevant subscription

  5. Under Settings, open Defender plans

  6. Under Cloud Workload Protection (CWPP), locate Microsoft Defender for Containers

  7. Set Microsoft Defender for Containers to On

  8. Save the changes


Backout Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for and open Microsoft Defender for Cloud

  3. Under the Management section, select Environment settings

  4. Select the relevant subscription

  5. Under Settings, open Defender plans

  6. Under Cloud Workload Protection (CWPP), locate Microsoft Defender for Containers

  7. Set Microsoft Defender for Containers to Off

  8. Save the changes
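The portal steps above (test plan, implementation and backout) can also be scripted with the Azure CLI. The following is an added example and not part of the benchmark text; it assumes the az CLI is installed and logged in with sufficient rights on the subscription, and that Defender plans report pricingTier as "Standard" (On) or "Free" (Off).

```shell
#!/usr/bin/env sh
# Added example: audit, enable and disable the Microsoft Defender for
# Containers plan with the Azure CLI (assumes: az installed, az login done).

# Pure check used by the audit: returns 0 when the tier means the plan is On.
# Defender plans report pricingTier "Standard" (On) or "Free" (Off).
containers_plan_is_on() {
    tier=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ "$tier" = "standard" ]
}

# Read the live plan tier for the given subscription (default: current one).
get_containers_tier() {
    sub="${1:-$(az account show --query id -o tsv)}"
    az security pricing show --name Containers \
        --subscription "$sub" --query pricingTier -o tsv
}

# Equivalent of implementation step 7 (Set Microsoft Defender for Containers to On).
enable_containers_plan() {
    az security pricing create --name Containers --tier Standard \
        --subscription "$1"
}

# Equivalent of backout step 7 (Set Microsoft Defender for Containers to Off).
disable_containers_plan() {
    az security pricing create --name Containers --tier Free \
        --subscription "$1"
}

# Audit driver matching test plan step 7: exit 0 if On, 1 if Off, 2 on CLI error.
audit_containers_plan() {
    tier=$(get_containers_tier "$1") || return 2
    if containers_plan_is_on "$tier"; then
        echo "PASS: Microsoft Defender for Containers is On (pricingTier=$tier)"
    else
        echo "FAIL: Microsoft Defender for Containers is Off (pricingTier=$tier)"
        return 1
    fi
}

# Constructed sample values (what the 'show' query returns) so the check can
# be exercised offline; a real run calls: audit_containers_plan <subscription-id>
SAMPLE_ON_TIER="Standard"
SAMPLE_OFF_TIER="Free"
```

Run `audit_containers_plan <subscription-id>` against each subscription in scope; a non-zero exit is the signal to apply the implementation steps.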


References: