This article describes how to enable Microsoft Defender for Containers on Arc-enabled Kubernetes clusters by using programmatic methods.
Tip
For Azure portal deployment instructions, see Deploy Defender for Containers on Arc-enabled Kubernetes using Azure portal.
Prerequisites
Network requirements
Validate that the following endpoints for public cloud deployments are allowed for outbound access. Without that access the Defender sensor cannot reach Microsoft Defender for Cloud to send security data and events.
Note
The Azure domains *.ods.opinsights.azure.com and *.oms.opinsights.azure.com are no longer required for outbound access. For more information, see the deprecation announcement.
| Azure domain | Azure Government domain | Azure operated by 21Vianet domain | Port |
|---|---|---|---|
| *.cloud.defender.microsoft.com | N/A | N/A | 443 |
You also need to validate the Azure Arc-enabled Kubernetes network requirements.
Additionally, you need:
- Azure CLI with the k8s-extension extension
- kubectl configured to access your cluster
Connect your cluster to Azure Arc
Before deploying the Defender sensor, ensure your Kubernetes cluster is connected to Azure Arc. For instructions, see Connect an existing Kubernetes cluster to Azure Arc.
Enable Defender for Containers
To enable the Defender for Containers plan on your subscription, see Enable Microsoft Defender for Cloud. You can enable the plan through the Azure portal, REST API, or Azure Policy.
Deploy the Defender sensor
After enabling the plan and connecting your cluster to Azure Arc, deploy the Defender sensor extension:
```bash
az k8s-extension create \
  --name microsoft.azuredefender.kubernetes \
  --cluster-type connectedClusters \
  --cluster-name <cluster-name> \
  --resource-group <resource-group> \
  --extension-type microsoft.azuredefender.kubernetes \
  --configuration-settings \
    logAnalyticsWorkspaceResourceID="/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>" \
    auditLogPath="/var/log/kube-apiserver/audit.log"
```
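The following script is an added example, not part of the Microsoft article: it wraps the sensor deployment above with the checks a practitioner wants around it (the workspace resource ID is assembled and validated before use, the cluster is confirmed Arc-connected, and the extension's provisioning state is read back afterwards). It assumes the Azure CLI with the k8s-extension and connectedk8s extensions installed and an active login.

```bash
#!/usr/bin/env bash
# Added example (not from the Microsoft article). Assumes the Azure CLI with
# the k8s-extension and connectedk8s extensions and an existing `az login`.
set -eu

# Assemble the Log Analytics workspace resource ID expected by the
# logAnalyticsWorkspaceResourceID configuration setting.
workspace_id() {  # <subscription-id> <workspace-rg> <workspace-name>
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s' \
    "$1" "$2" "$3"
}

# Reject a malformed resource ID before it is passed to az.
valid_workspace_id() {
  case "$1" in
    /subscriptions/?*/resourceGroups/?*/providers/Microsoft.OperationalInsights/workspaces/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# The sensor only deploys to a cluster whose Arc connection is healthy.
require_arc_connected() {  # <cluster-name> <resource-group>
  local status
  status=$(az connectedk8s show --name "$1" --resource-group "$2" \
             --query connectivityStatus -o tsv)
  [ "$status" = "Connected" ] || { echo "cluster $1 is '$status', not Connected" >&2; return 1; }
}

# Deploy the sensor as the article does, then read back its provisioning state.
deploy_sensor() {  # <cluster-name> <resource-group> <workspace-id> [audit-log-path]
  local audit="${4:-/var/log/kube-apiserver/audit.log}"
  valid_workspace_id "$3" || { echo "malformed workspace id: $3" >&2; return 1; }
  az k8s-extension create \
    --name microsoft.azuredefender.kubernetes \
    --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2" \
    --extension-type microsoft.azuredefender.kubernetes \
    --configuration-settings \
      logAnalyticsWorkspaceResourceID="$3" \
      auditLogPath="$audit"
  az k8s-extension show --name microsoft.azuredefender.kubernetes \
    --cluster-type connectedClusters --cluster-name "$1" --resource-group "$2" \
    --query provisioningState -o tsv
}

# Usage: deploy.sh <cluster-name> <cluster-rg> <subscription-id> <workspace-rg> <workspace-name>
if [ "$#" -eq 5 ]; then
  require_arc_connected "$1" "$2"
  deploy_sensor "$1" "$2" "$(workspace_id "$3" "$4" "$5")"
fi
```

The final `show` call should print `Succeeded`; any other state means the extension is still installing or has failed and the cluster's extension status should be inspected before relying on the sensor.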
Deploy the Azure Policy extension
To enable Azure Policy for Kubernetes on Arc-enabled clusters:
```bash
az k8s-extension create \
  --name azure-policy \
  --cluster-type connectedClusters \
  --cluster-name <cluster-name> \
  --resource-group <resource-group> \
  --extension-type Microsoft.PolicyInsights
```