How to enable Microsoft Defender for Container on one cluster instead of whole subscription

DiptiRanjan Swain 216 Reputation points
2024-02-06T10:46:35.9833333+00:00

Hi, I am trying to enable Microsoft Defender for Container on a specific AKS cluster instead of the whole subscription. I do not want to enable it on the whole subscription. I also tried to auto-fix it under the recommendation "Azure Kubernetes Service clusters should have Defender profile enabled", but that is failing without showing the reason, although I have Contributor access on the AKS cluster. Can someone provide me with the steps/documentation on how to enable and configure Microsoft Defender for Container on a specific AKS cluster?


Accepted answer
  1. Michael Morten Sonne 680 Reputation points MVP
    2024-02-06T13:04:37.1166667+00:00

    Hi DiptiRanjan Swain,

    As of the current state of features, it is not possible to enable Microsoft Defender for Container on a single cluster; it applies to the entire Azure subscription.

    This is also stated in the documentation under https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction - and FAQ here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-general

    Defender for Servers has recently entered preview, but the activation is currently only available through the REST API, not the Portal (yet).

    Here is the documentation: https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-servers-plan#enable-defender-for-servers-at-the-resource-level

    And a script to help: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/Defender%20for%20Servers%20on%20resource%20level

    The only option, if you do not want to enable it for your entire subscription, is to separate them into different Azure subscriptions from what I know about.

    Hope it helps a bit still. We can hope it comes here too in the future.

    1 person found this answer helpful.

1 additional answer

  1. Inbal Beitler 0 Reputation points Microsoft Employee
    2025-06-24T10:22:13.0866667+00:00

    This capability is now in preview. It is now possible to enable Defender for containers on a single cluster; enablement is available through the AKS security dashboard in the Azure portal, or through the API.

