Onboard agentless container posture in Defender CSPM
Onboard agentless container posture in Defender CSPM to use all of its capabilities.
Note
Agentless container posture is available for Azure, AWS, and GCP clouds.
Defender CSPM includes two extensions that allow for agentless visibility into Kubernetes and container registries across your organization's software development lifecycle.
How to onboard agentless container posture in Defender CSPM
Before starting, verify that the scope is onboarded to Defender CSPM.
In the Azure portal, navigate to Defender for Cloud's Environment Settings page.
Select the scope that's onboarded to the Defender CSPM plan, then select Settings.
Ensure the Agentless discovery for Kubernetes and Agentless Container vulnerability assessments extensions are toggled to On.
Select Continue.
Select Save.
A notification message pops up in the top right corner that verifies that the settings were saved successfully.
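To confirm the saved state outside the portal, the following added example (not part of the original page or Microsoft's own code) checks a response from the Microsoft.Security/pricings REST API for the CloudPosture plan. The extension names, the `pricingTier` value, and the string-valued `isEnabled` field are assumptions about that API's response shape, and the sample JSON is constructed.

```python
import json

# Assumed API names for the two portal toggles on the CloudPosture
# (Defender CSPM) plan, mapped to the labels used on this page.
REQUIRED = {
    "AgentlessDiscoveryForKubernetes":
        "Agentless discovery for Kubernetes",
    "ContainerRegistriesVulnerabilityAssessments":
        "Agentless Container vulnerability assessments",
}

def check_container_posture(pricing: dict) -> list[str]:
    """Return findings; an empty list means the plan and both extensions are on."""
    props = pricing.get("properties", {})
    findings = []
    if props.get("pricingTier") != "Standard":
        findings.append("Defender CSPM plan is not enabled on this scope")
    # isEnabled is assumed to be a string ("True"/"False"), not a JSON boolean,
    # so compare case-insensitively instead of relying on truthiness.
    state = {e.get("name"): str(e.get("isEnabled", "")).lower() == "true"
             for e in props.get("extensions") or []}
    for name, label in REQUIRED.items():
        if name not in state:
            findings.append(f"{label}: extension not present in response")
        elif not state[name]:
            findings.append(f"{label}: toggled Off")
    return findings

# Constructed sample response (not captured from a real subscription).
SAMPLE = json.loads("""
{
  "name": "CloudPosture",
  "properties": {
    "pricingTier": "Standard",
    "extensions": [
      {"name": "AgentlessDiscoveryForKubernetes", "isEnabled": "True"},
      {"name": "ContainerRegistriesVulnerabilityAssessments", "isEnabled": "False"}
    ]
  }
}
""")

if __name__ == "__main__":
    for finding in check_container_posture(SAMPLE) or ["Both extensions are On"]:
        print(finding)
```

Pass it the JSON returned by a GET on the scope's `Microsoft.Security/pricings/CloudPosture` resource in place of the constructed sample.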
Note
Agentless discovery for Kubernetes uses AKS trusted access. For more information about AKS trusted access, see Enable Azure resources to access Azure Kubernetes Service (AKS) clusters using Trusted Access.
Next steps
- Check out common questions about Defender for Containers.
- Learn more about Trusted Access.
- Learn how to view and remediate vulnerability assessment findings for registry images.
- Learn how to view and remediate vulnerabilities for images running on your AKS clusters.
- Learn how to test the Attack Path and Security Explorer using a vulnerable container image.
- Learn how to create an exemption for a resource or subscription.
- Learn more about Cloud Security Posture Management.