Skip to main content

πŸ“ Microsoft Defender Agentless Container Vulnerability Assessment Component is not enabled 🟒

  • Contextual name: πŸ“ Agentless Container Vulnerability Assessment Component is not enabled 🟒
  • ID: /ce/ca/azure/microsoft-defender/agentless-container-vulnerability-assessment
  • Located in: πŸ“ Microsoft Defender for Cloud

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Description​

Open File

Description​

Enable automatic vulnerability management for images stored in ACR or running in AKS clusters.

Rationale​

Agentless vulnerability scanning will examine container images - whether running or in storage - for vulnerable configurations.

Impact​

Agentless container vulnerability assessment requires licensing and is included in:

  • Defender CSPM
  • Defender for Containers plans.

Audit​

From Azure Portal​
  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Locate the row for Agentless container vulnerability assessment.
  6. Ensure that On is selected.

Repeat the above for any additional subscriptions.

Default Value​

By default, Microsoft Defender for Containers is Off. If Defender for Containers is enabled from the Microsoft Defender for Cloud portal, auto provisioning will be enabled.

References​

  1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction

... see more

Remediation​

Open File

Remediation​

From Azure Portal​

  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Locate the row for Agentless container vulnerability assessment.
  6. Select On.
  7. Click Continue in the top left.

Repeat the above for any additional subscriptions.

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS Azure v3.0.0 β†’ πŸ’Ό 3.1.4.3 Ensure that 'Agentless container vulnerability assessment' component status is 'On' (Automated)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Microsoft Defender Configuration26