Description:
Enable automatic provisioning of the Microsoft Defender for Containers components.
Rationale:
As with any compute resource, container environments require hardening and run-time protection to ensure safe operations and detection of threats and vulnerabilities.
Impact:
Microsoft Defender for Containers will require additional licensing.
Audit:
From Azure Portal
1. From Azure Home select the Portal Menu
2. Select Microsoft Defender for Cloud
3. Then Environment Settings
4. Select a subscription
5. Then Auto Provisioning in the left column.
6. Ensure that Microsoft Defender for Containers components is set to On
Repeat the above for any additional subscriptions.
Remediation:
From Azure Portal
1. From Azure Home select the Portal Menu
2. Select Microsoft Defender for Cloud
3. Then Environment Settings
4. Select a subscription
5. Then Auto Provisioning in the left column.
6. Set Microsoft Defender for Containers components to On
Default Value:
By default, Microsoft Defender for Containers is disabled. If Defender for Containers is enabled from the Microsoft Defender for Cloud portal, auto provisioning will be enabled.
References:
1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction
3. https://msdn.microsoft.com/en-us/library/mt704062.aspx
4. https://msdn.microsoft.com/en-us/library/mt704063.aspx
5. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list
6. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create