Description:

Auto provisioning of Microsoft Defender for Containers components ensures that the required security extensions, such as the Azure Policy for Kubernetes add-on, the Defender sensor (agent), and the associated data collection components, are installed automatically on supported Kubernetes clusters and container environments. These components enable vulnerability assessment, runtime threat detection, compliance evaluation, agentless scanning, and behavioral analytics. Enabling this setting ensures that new container workloads are onboarded into Microsoft Defender for Containers automatically, without manual configuration, reducing gaps in container security visibility.


Rationale:

If auto provisioning is disabled, new or existing AKS clusters may not have the Defender for Containers agent or required add-ons installed. This results in missing telemetry, unmonitored container workloads, undetected vulnerabilities, and weakened protection against runtime threats. Enabling auto provisioning ensures uniform security coverage, consistent onboarding, and reliable threat analytics across all containerized environments.


Impact:

  • Ensures all existing and future Kubernetes clusters have security coverage.

  • Prevents gaps in workload protection due to manual onboarding errors.

  • Improves detection for container vulnerabilities, image scanning, and runtime threats.

  • Strengthens cloud-native security posture.


Default Value:

The Microsoft Defender for Containers plan is not enabled on a subscription by default, so its auto-provisioned components are not deployed until the plan is turned on in Microsoft Defender for Cloud.


Pre-Requisites:

  • A Log Analytics workspace configured to receive Defender for Containers data collection

  • AKS clusters must be reachable by Azure Monitor and Azure Policy so that the Defender sensor and the Azure Policy for Kubernetes add-on can be deployed


Test Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com.

  2. Search for and open Microsoft Defender for Cloud

  3. Under the Management section, select Environment settings

  4. Select the relevant subscription

  5. Under Settings, open Defender plans

  6. Under Cloud Workload Protection (CWPP), locate Microsoft Defender for Containers

  7. Verify that Microsoft Defender for Containers is set to On; this enables automatic provisioning of the required container security components

  8. If Microsoft Defender for Containers is not set to On, follow the Implementation Steps below


Implementation Steps:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for and open Microsoft Defender for Cloud

  3. Under the Management section, select Environment settings

  4. Select the relevant subscription

  5. Under Settings, open Defender plans

  6. Locate Microsoft Defender for Containers

  7. Set Microsoft Defender for Containers to On to enable automatic provisioning of container security components

  8. Save the changes
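The Test Plan and Implementation Steps above are portal-driven. As an added example that is not part of the benchmark text, the following Python helper evaluates the JSON returned by "az security pricing show --name Containers -o json" (a constructed sample response is embedded so it runs offline), reports which auto-provisioned components are disabled, and prints the equivalent CLI remediation. The extension names ContainerSensor, AgentlessDiscoveryForKubernetes and ContainerRegistriesVulnerabilityAssessments are assumptions drawn from the Microsoft.Security/pricings API and should be confirmed against live output in your tenant.

```python
"""Audit helper for the Microsoft Defender for Containers plan (added example).

Evaluates the output of:  az security pricing show --name Containers -o json
and reports whether the plan is On and its auto-provisioned components are enabled.
Extension names are an ASSUMPTION based on the Microsoft.Security/pricings API;
verify them against the live output in your tenant.
"""
import json
import shutil
import subprocess
from typing import Any, Dict, List, Optional

# Assumed extension names for the Containers plan (verify in your tenant).
REQUIRED_EXTENSIONS = (
    "ContainerSensor",                              # Defender sensor: runtime threat detection
    "AgentlessDiscoveryForKubernetes",              # agentless API-based cluster discovery
    "ContainerRegistriesVulnerabilityAssessments",  # image vulnerability assessment
)

# Constructed sample response: plan is On, but the Defender sensor is disabled.
SAMPLE_PRICING: Dict[str, Any] = json.loads("""
{
  "name": "Containers",
  "pricingTier": "Standard",
  "extensions": [
    {"name": "ContainerSensor", "isEnabled": "False"},
    {"name": "AgentlessDiscoveryForKubernetes", "isEnabled": "True"},
    {"name": "ContainerRegistriesVulnerabilityAssessments", "isEnabled": "True"}
  ]
}
""")


def _is_enabled(value: Any) -> bool:
    # The REST API serialises isEnabled as the string "True"/"False"; accept bools too.
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def audit_containers_plan(pricing: Dict[str, Any],
                          required=REQUIRED_EXTENSIONS) -> List[str]:
    """Return a list of findings; an empty list means the control passes."""
    findings: List[str] = []
    if pricing.get("pricingTier") != "Standard":
        findings.append("Defender for Containers plan is Off (pricingTier != Standard)")
        return findings  # extension state is irrelevant while the plan itself is Off
    ext_state = {e.get("name"): _is_enabled(e.get("isEnabled"))
                 for e in pricing.get("extensions", [])}
    for name in required:
        if name not in ext_state:
            findings.append(f"extension {name} not reported by API (check name/API version)")
        elif not ext_state[name]:
            findings.append(f"extension {name} is disabled")
    return findings


def remediation_command(subscription_id: Optional[str] = None) -> str:
    """CLI equivalent of the portal Implementation Steps (sets the plan to On)."""
    cmd = "az security pricing create --name Containers --tier Standard"
    if subscription_id:
        cmd += f" --subscription {subscription_id}"
    return cmd


def fetch_live_pricing(subscription_id: Optional[str] = None) -> Optional[Dict[str, Any]]:
    """Query the live plan state if the Azure CLI is installed and logged in."""
    if shutil.which("az") is None:
        return None
    cmd = ["az", "security", "pricing", "show", "--name", "Containers", "-o", "json"]
    if subscription_id:
        cmd += ["--subscription", subscription_id]
    return json.loads(subprocess.check_output(cmd, text=True))


if __name__ == "__main__":
    pricing = fetch_live_pricing() or SAMPLE_PRICING
    findings = audit_containers_plan(pricing)
    if findings:
        for finding in findings:
            print("FAIL:", finding)
        print("Remediate with:", remediation_command())
    else:
        print("PASS: Defender for Containers is On with all required components enabled")
```

Run it in a shell where the Azure CLI is logged in to check the live subscription; without the CLI it falls back to the embedded sample, which fails on the disabled sensor and prints the remediation command. Extension toggles themselves are managed in the plan's Settings blade or via the Microsoft.Security/pricings API; the CLI command shown turns the plan On.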


Backout Plan:

  1. Sign in to the Azure Portal https://portal.azure.com.

  2. Search for and open Microsoft Defender for Cloud

  3. Under the Management section, select Environment settings

  4. Select the relevant subscription

  5. Under Settings, open Defender plans

  6. Locate Microsoft Defender for Containers

  7. Set Microsoft Defender for Containers to Off

  8. Save the changes


Reference: