This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 40%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi, I have an AKS cluster where a few security recommendations are reported. I believe I have mitigated some of them already, but they are still shown.
Namely, there is
- Container images should be deployed from trusted registries only
- Azure Kubernetes Service clusters should have Defender profile enabled
- Kubernetes clusters should disable automounting API credentials
I will include screenshots of what I can see in the UI to be as descriptive as possible.
Let's look at the last one as that's pretty straightforward. When I click at it for details, then View policy definition, I see that it's assigned to the cluster.
Yet, this exact policy that is reporting OK is still listed as problematic in the Defender for Cloud list. Why is that? The same case applies to the other policies as well. The policy itself is active, it won't let me deploy pods that do not disable automounting the credentials. But no matter what I do the policy is still listed as not enforced in the Defender overview and I am getting flagged by the security department for having "High" severity security recommendations pending.
For future readers' reference, I also asked the same question on S/O: https://stackoverflow.com/questions/72981584/azure-defender-for-cloud-reporting-issues-that-have-already-been-fixed
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 24%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
I had the same issue in my environment where policy get re-evaluated every night and showing resources " Doesnt exist " in non compliant column . This things kept going on for weeks .
The same goes in Defender
I think Microsoft needs to work out on tightening refreshments level between policy and Defender recommendation.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Apologies for the delayed response. Defender for Cloud uses freshness intervals in its recommendations. Depending on the recommendation, it's updated between 30 minutes and 24 hours.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 96%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Thank you for the response! I am aware of that, I have checked and re-checked this for over a week now, so this is not down to the freshness interval.