This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 65%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Hi, I am trying to enable Microsoft Defender for Container on a specific AKS cluster instead of the whole subscription. I do not want to enable it on the whole subscription. I also tried to auto fix it under the recommendation "Azure Kubernetes Service clusters should have Defender profile enabled" but that is failing without showing the reason although I have contributor access on the AKS cluster. Can someone provide me the steps/document on how to enable and configure Microsoft Defender for Container on a specific AKS cluster
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 4%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hello, @DiptiRanjan Swain !
If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 31%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIB%3C/text%3E%3C/svg%3E)
This capability is now in preview, it is now possible to enable Defender for containers on a single cluster, enablement is available through the AKS security dashboard in the Azure portal, or through API.
Hi @Inbal Beitler , I cannot see the AKS security dashboard anywhere in Azure. Can you please share the steps
Login to Azure portal, navigate to a specific AKS cluster, navigate to Defender for Cloud blade on the side menu.
Thank you @Inbal Beitler . Appreciate it
Hi DiptiRanjan Swain,
As of the current state of features, it is not possible to enable Microsoft Defender for Container on a single cluster; it applies to the entire Azure subscription.
This is also stated in the documentation under https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction - and FAQ here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-general
Defender for Servers has recently entered preview, but the activation is currently only available through the REST API, not the Portal (yet).
Here is the documentaion: https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-servers-plan#enable-defender-for-servers-at-the-resource-level
And a script to help: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/Defender%20for%20Servers%20on%20resource%20level
The only option, if you do not want to enable it for your entire subscription, is to separate them into different Azure subscriptions from what I know about.
Hope it helps a bit still. We can hope it comes here to in the feature.
I got this Microsoft document for enabling Defender for specific Azure Kubernetes Cluster. Do you mean this is out of date although the last update was on 31st of Dec'23.
As per it I can see the Defender pods running on my cluster under kube-system namespace, but still there is no detection by Defender although I performed some activities on it.
Hello, @DiptiRanjan Swain ! In the documentation you linked, it describes how to enable components but when an extension is enabled it is applied subscription wide. The portal states this just outside of the screenshot in the documentation:
When you enable an extension, it will be installed on any new or existing resource, by assigning a security policy.