πŸ“ Microsoft Defender Agentless Discovery for Kubernetes Component is not enabled 🟒

  • Contextual name: πŸ“ Agentless Discovery for Kubernetes Component is not enabled 🟒
  • ID: /ce/ca/azure/microsoft-defender/agentless-discovery-for-kubernetes
  • Located in: πŸ“ Microsoft Defender for Cloud

Flags

Our Metadata

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Description

Enable automatic discovery and configuration scanning of the Microsoft Kubernetes clusters.

Rationale

As with any compute resource, Container environments require hardening and run-time protection to ensure safe operations and detection of threats and vulnerabilities.

Impact

Agentless discovery for Kubernetes requires licensing and is included in:

  • Defender CSPM
  • Defender for Containers plans.

Audit

From Azure Portal
  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Locate the row for Agentless discovery for Kubernetes.
  6. Ensure that On is selected.

Repeat the above for any additional subscriptions.
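The portal steps above can be replicated for many subscriptions by evaluating the Defender for Cloud pricing document of the Containers plan instead of clicking through each one. The following is an added example, not Cloudaware's, CIS's or Microsoft's own code. It assumes (not stated on this page) that the setting is exposed as an extension named AgentlessDiscoveryForKubernetes under the Containers pricing, that the plan's tier is reported as pricingTier, and that isEnabled is serialised as the string "True"/"False"; the sample responses are constructed, not taken from real subscriptions.

```python
"""Audit the 'Agentless discovery for Kubernetes' component from pricing JSON.

Added example, not the page's or any vendor's own code. Assumed response
shape (verify against your tenant): a Containers pricing document with
properties.pricingTier and a properties.extensions list whose entries have
"name" and "isEnabled".
"""
import json

# Assumed extension name; not taken from this page.
EXTENSION_NAME = "AgentlessDiscoveryForKubernetes"


def extension_enabled(pricing: dict, name: str = EXTENSION_NAME) -> bool:
    """Return True only when the plan is on Standard and the extension is On.

    Accepts either the raw ARM document (fields under "properties") or the
    flattened form some CLIs emit (fields at top level). A missing plan, a
    Free-tier plan, a missing extension, or any isEnabled value other than
    true all count as not enabled, mirroring the audit's 'Ensure On is selected'.
    """
    props = pricing.get("properties", pricing)
    if str(props.get("pricingTier", "")).lower() != "standard":
        return False
    for ext in props.get("extensions") or []:
        if ext.get("name") == name:
            flag = ext.get("isEnabled", False)
            # isEnabled may arrive as a bool or as the string "True"/"False".
            return flag is True or str(flag).lower() == "true"
    return False


def audit_subscriptions(results: dict) -> dict:
    """Map subscription id -> PASS/FAIL for a batch of pricing documents."""
    return {sub: ("PASS" if extension_enabled(doc) else "FAIL")
            for sub, doc in results.items()}


# Constructed sample documents (not real subscriptions or responses).
SAMPLE = {
    "sub-compliant": {
        "name": "Containers",
        "properties": {
            "pricingTier": "Standard",
            "extensions": [
                {"name": "ContainerRegistriesVulnerabilityAssessments", "isEnabled": "True"},
                {"name": "AgentlessDiscoveryForKubernetes", "isEnabled": "True"},
            ],
        },
    },
    "sub-extension-off": {
        "name": "Containers",
        "properties": {
            "pricingTier": "Standard",
            "extensions": [
                {"name": "AgentlessDiscoveryForKubernetes", "isEnabled": "False"},
            ],
        },
    },
    # Plan never enabled: no extensions are reported at all.
    "sub-free-tier": {"name": "Containers", "properties": {"pricingTier": "Free"}},
    # Flattened CLI-style output with a boolean flag.
    "sub-flattened-cli": {
        "pricingTier": "Standard",
        "extensions": [{"name": "AgentlessDiscoveryForKubernetes", "isEnabled": True}],
    },
}


def audit_from_json(text: str) -> bool:
    """Evaluate a single pricing document supplied as JSON text."""
    return extension_enabled(json.loads(text))


if __name__ == "__main__":
    for sub, verdict in audit_subscriptions(SAMPLE).items():
        print(f"{sub}: {verdict}")
```

To use it against a live subscription, pass the JSON returned for the Containers plan (for example the output of `az security pricing show --name Containers --output json`) to audit_from_json; a FAIL for any subscription means the remediation steps below still need to be applied there.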

Default Value

By default, Microsoft Defender for Containers is Off. If Defender for Containers is enabled from the Microsoft Defender for Cloud portal, auto provisioning will be enabled.

References

  1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction


Remediation

From Azure Portal

  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Locate the row for Agentless discovery for Kubernetes.
  6. Select On.
  7. Click Continue in the top left.

Repeat the above for any additional subscriptions.


Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 CIS Azure v3.0.0 → 💼 3.1.4.2 Ensure that 'Agentless discovery for Kubernetes' component status 'On' (Automated) | 1
💼 Cloudaware Framework → 💼 Microsoft Defender Configuration | 26