Protect your on-premises Kubernetes clusters with Defender for Containers
Defender for Containers in Microsoft Defender for Cloud is the cloud-native solution that is used to secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications.
For more information, see Overview of Microsoft Defender for Containers.
You can learn more about Defender for Containers pricing on the pricing page.
Prerequisites
You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can sign up for a free subscription.
You must enable Microsoft Defender for Cloud on your Azure subscription.
Ensure the following Azure Arc-enabled Kubernetes network requirements are validated and connect the Kubernetes cluster to Azure Arc.
Validate that the following endpoints are configured for outbound access so that the Defender sensor can connect to Microsoft Defender for Cloud to send security data and events:
Domain                        Port
*.ods.opinsights.azure.com    443
*.oms.opinsights.azure.com    443
login.microsoftonline.com     443
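The following script is an added example, not part of the original article or of Microsoft's tooling. It turns the endpoint table above into a check you can run from a cluster node (or from the network the nodes egress through): it expands the wildcard domains into concrete hosts and attempts a TCP connection on port 443 to each. It assumes the data-collection hosts have the form <workspace ID>.ods.opinsights.azure.com and <workspace ID>.oms.opinsights.azure.com, where the workspace ID is the Log Analytics workspace assigned to the plan (the value used below is a placeholder). The probe function is injectable so the reporting logic can be exercised without network access.

```python
"""Outbound-endpoint check for the Defender sensor (added example, not from the article)."""
import socket
import sys
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

# Endpoints as listed in the article. Wildcard hosts cannot be probed as written;
# they are expanded with the workspace ID before probing.
REQUIRED_ENDPOINTS: List[Tuple[str, int]] = [
    ("*.ods.opinsights.azure.com", 443),
    ("*.oms.opinsights.azure.com", 443),
    ("login.microsoftonline.com", 443),
]

# Placeholder only: replace with the Log Analytics workspace ID assigned to the plan.
PLACEHOLDER_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"

Probe = Callable[[str, int, float], bool]


def expand(endpoints: Sequence[Tuple[str, int]], workspace_id: str) -> List[Tuple[str, int]]:
    """Replace a leading '*.' with the workspace ID (assumed hostname shape, see lead-in)."""
    expanded = []
    for host, port in endpoints:
        if host.startswith("*."):
            host = workspace_id + host[1:]  # "*.ods..." -> "<id>.ods..."
        expanded.append((host, port))
    return expanded


def tcp_probe(host: str, port: int, timeout: float = 5.0) -> bool:
    """Real probe: a plain TCP connect. DNS failure and refused/blocked connections both count as unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class Result:
    host: str
    port: int
    reachable: bool


def check_outbound(workspace_id: str,
                   endpoints: Sequence[Tuple[str, int]] = REQUIRED_ENDPOINTS,
                   probe: Probe = tcp_probe,
                   timeout: float = 5.0) -> List[Result]:
    """Probe every required endpoint and return one Result per host."""
    return [Result(host, port, probe(host, port, timeout))
            for host, port in expand(endpoints, workspace_id)]


def blocked(results: Sequence[Result]) -> List[str]:
    """Return 'host:port' for each endpoint that could not be reached."""
    return [f"{r.host}:{r.port}" for r in results if not r.reachable]


if __name__ == "__main__":
    workspace = sys.argv[1] if len(sys.argv) > 1 else PLACEHOLDER_WORKSPACE_ID
    outcome = check_outbound(workspace)
    for r in outcome:
        print(f"{'OK     ' if r.reachable else 'BLOCKED'} {r.host}:{r.port}")
    sys.exit(1 if blocked(outcome) else 0)
```

A successful TCP connect shows only that a path on port 443 exists; an intercepting proxy that re-signs TLS can still break the sensor's session, so if the check passes but the sensor does not report, review the proxy and TLS-inspection rules for these hosts next.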
Enable the Defender for Containers plan
By default, when you enable the plan through the Azure portal, Microsoft Defender for Containers is configured to automatically install the components required to provide the protections offered by the plan, including the assignment of a default workspace.
If you would prefer to assign a custom workspace, you can assign one through Azure Policy.
To enable the Defender for Containers plan on your subscription:
Sign in to the Azure portal.
Search for and select Microsoft Defender for Cloud.
In the Defender for Cloud menu, select Environment settings.
Select the relevant subscription.
On the Defender plans page, toggle the Containers plan to On.
Select Save.
Note
To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see How to enable Microsoft Defender for Containers components.
Deploy the Defender sensor on Arc-enabled Kubernetes clusters
You can enable the Defender for Containers plan and deploy all of the relevant components in different ways. We walk you through the steps to accomplish this using the Azure portal. Learn how to deploy the Defender sensor with REST API, Azure CLI or with a Resource Manager template.
To deploy the Defender sensor in Azure:
Sign in to the Azure portal.
Search for and select Microsoft Defender for Cloud.
Navigate to the Recommendations page.
Search for and select the recommendation Azure Arc-enabled Kubernetes clusters should have the Defender extension installed.
Select all of the relevant affected resources.
Select Fix.
Next steps
For advanced enablement features for Defender for Containers, see the Enable Microsoft Defender for Containers page.