Edit

Share via

Configure Defender for Containers on Azure (AKS)

This article explains how to configure advanced settings for Defender for Containers on your AKS clusters. It also covers how to add or remove components after initial deployment.

Configure plan components

You can enable or disable specific Defender for Containers components:

  1. Go to Microsoft Defender for Cloud > Environment settings.

  2. Select your Azure subscription.

  3. Select Settings for the Containers plan.

  4. Turn components on or off:

    • Agentless discovery for Kubernetes
    • Agentless container vulnerability assessment
    • Defender DaemonSet
    • Azure Policy for Kubernetes

    Screenshot that shows turning on components for AKS.

  5. Select Continue and Save.

Add or remove components

After initial deployment, you might need to add components that you skipped or remove unnecessary ones.

Deploy Defender sensor to existing clusters

If the Defender sensor wasn't deployed initially:

  1. Go to Microsoft Defender for Cloud > Recommendations.

  2. Search for "Azure Kubernetes Service clusters should have Defender profile enabled".

  3. Select the clusters missing the sensor.

  4. Select Fix to deploy.

Or use Azure CLI:

az aks update \
    --name <cluster-name> \
    --resource-group <resource-group> \
    --enable-defender

Add Azure Policy extension

To add policy assessment to existing deployments:

az aks enable-addons \
    --addons azure-policy \
    --name <cluster-name> \
    --resource-group <resource-group>

Remove Defender sensor

To remove the Defender sensor while keeping other components:

az aks update \
    --name <cluster-name> \
    --resource-group <resource-group> \
    --disable-defender

Remove Policy add-on

To remove the Azure Policy add-on:

az aks disable-addons \
    --addons azure-policy \
    --name <cluster-name> \
    --resource-group <resource-group>

Best practices

  1. Regular reviews: Review configuration monthly.
  2. Test changes: Test configuration changes in non-production first.
  3. Document settings: Maintain documentation of custom configurations.
  4. Monitor impact: Watch for performance impact after changes.
  5. Track exclusions: Document why certain clusters or components are excluded.

Related content

  • Last updated on