πŸ›‘οΈ Microsoft Defender Agentless Container Vulnerability Assessment Component is not enabled🟒βšͺ

  • Contextual name: πŸ›‘οΈ Agentless Container Vulnerability Assessment Component is not enabled🟒βšͺ
  • ID: /ce/ca/azure/microsoft-defender/agentless-container-vulnerability-assessment
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY

Description​

Enable automatic vulnerability management for images stored in ACR or running in AKS clusters.

Rationale​

Agentless vulnerability scanning will examine container images - whether running or in storage - for vulnerable configurations.

Impact​

Agentless container vulnerability assessment requires licensing and is included in the following plans:

  • Defender CSPM
  • Defender for Containers

Audit​

From Azure Portal​
  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Locate the row for Agentless container vulnerability assessment.
  6. Ensure that On is selected.

Repeat the above for any additional subscriptions.
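
The portal check above can also be scripted across subscriptions. The following is an added example, not part of the original policy page or Cloudaware's own code. It assumes the Microsoft.Security/pricings REST API reports this component as the extension `ContainerRegistriesVulnerabilityAssessments` under the `Containers` and `CloudPosture` plans, treats the component as On when either plan has it enabled, and runs on constructed sample data.

```python
# Added example: evaluates Microsoft.Security/pricings responses offline.
# Assumption (not on this page): the component is exposed as this extension.
EXTENSION = "ContainerRegistriesVulnerabilityAssessments"
# Assumption: pricing names of Defender for Containers and Defender CSPM.
PLANS = ("Containers", "CloudPosture")


def component_enabled(pricing):
    """True if the plan is on the paid tier and the extension is enabled."""
    props = pricing.get("properties") or {}
    if props.get("pricingTier") != "Standard":
        return False  # plan is Off, so the component cannot be On
    for ext in props.get("extensions") or []:
        if ext.get("name") == EXTENSION:
            # The API reports isEnabled as the string "True" or "False".
            return str(ext.get("isEnabled")).lower() == "true"
    return False  # extension missing from the response


def audit(subscriptions):
    """Map subscription id -> COMPLIANT / NON_COMPLIANT.

    `subscriptions` maps a subscription id to its list of pricing objects.
    """
    report = {}
    for sub_id, pricings in subscriptions.items():
        on = any(p.get("name") in PLANS and component_enabled(p)
                 for p in pricings)
        report[sub_id] = "COMPLIANT" if on else "NON_COMPLIANT"
    return report


def make_plan(name, tier, enabled=None):
    """Build a constructed pricing object shaped like the API response."""
    exts = [] if enabled is None else [{"name": EXTENSION, "isEnabled": enabled}]
    return {"name": name, "properties": {"pricingTier": tier, "extensions": exts}}


# Constructed sample data: three placeholder subscriptions.
SAMPLE = {
    "sub-a": [make_plan("Containers", "Standard", "True")],
    "sub-b": [make_plan("Containers", "Standard", "False"), make_plan("CloudPosture", "Free")],
    "sub-c": [make_plan("Containers", "Free"), make_plan("CloudPosture", "Standard", "True")],
}

if __name__ == "__main__":
    for sub_id, status in audit(SAMPLE).items():
        print(sub_id, status)
```

A plan left on the Free tier is reported as non-compliant even if the extension entry still reads "True", because the component is only active when its plan is On.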

Default Value​

By default, Microsoft Defender for Containers is Off. If Defender for Containers is enabled from the Microsoft Defender for Cloud portal, auto provisioning will be enabled.

References​

  1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction

Remediation​

From Azure Portal​

  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Locate the row for Agentless container vulnerability assessment.
  6. Select On.
  7. Click Continue in the top left.

Repeat the above for any additional subscriptions.

Linked Framework Sections​

| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
| 💼 CIS Azure v3.0.0 → 💼 3.1.4.3 Ensure that 'Agentless container vulnerability assessment' component status is 'On' (Automated) | | | 1 | | no data |
| 💼 Cloudaware Framework → 💼 Microsoft Defender Configuration | | | 26 | | no data |