Protect your on-premises Kubernetes clusters with Defender for Containers

Defender for Containers in Microsoft Defender for Cloud is the cloud-native solution that is used to secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications.

Learn more about Overview of Microsoft Defender for Containers.

You can learn more about Defender for Container's pricing on the pricing page.


Enable the Defender for Containers plan

By default, when enabling the plan through the Azure portal, Microsoft Defender for Containers is configured to automatically install required components to provide the protections offered by plan, including the assignment of a default workspace.

If you would prefer to assign a custom workspace, one can be assigned through the Azure Policy.

To enable Defender for Containers plan on your subscription:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. In the Defender for Cloud menu, select Environment settings.

  4. Select the relevant subscription.

  5. On the Defender plans page, toggle the Containers plan to On.

    Screenshot of the Defender plans page that shows where to toggle the containers plan switch to on is located.

  6. Select Save.


To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see How to enable Microsoft Defender for Containers components.

Deploy the Defender sensor on Arc-enabled Kubernetes clusters

You can enable the Defender for Containers plan and deploy all of the relevant components in different ways. We walk you through the steps to accomplish this using the Azure portal. Learn how to deploy the Defender sensor with REST API, Azure CLI or with a Resource Manager template.

To deploy the Defender sensor in Azure:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. Navigate to the Recommendations page.

  4. Search for and select the Azure Arc-enabled Kubernetes clusters should have the Defender extension installed recommendation.

    Microsoft Defender for Cloud's recommendation for deploying the Defender sensor for Azure Arc-enabled Kubernetes clusters.

  5. Select all of the relevant affected resources.

  6. Select Fix.

Next steps