Редагувати

Поділитися через


Enable vulnerability assessment powered by Microsoft Defender Vulnerability Management

Vulnerability assessment powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in container images, with zero configuration for onboarding, and without deployment of any sensors.

How to enable vulnerability assessment powered by Microsoft Defender Vulnerability Management

  1. Before starting, verify that the scope is onboarded to Defender CSPM, Defender for Containers or Defender for Container Registries.

  2. In the Azure portal, navigate to the Defender for Cloud's Environment Settings page.

  3. Select the scope that's onboarded to one of the above plans. Then select Settings.

  4. Ensure the Agentless Container vulnerability assessments extension is toggled to On.

  5. Select Continue.

    Screenshot of selecting agentless discovery for Kubernetes and Container registries vulnerability assessments.

  6. Select Save.

A notification message pops up in the top right corner that verifies that the settings were saved successfully.

How to enable runtime coverage

  • For Defender CSPM, use agentless discovery for Kubernetes. For more information, see Onboard agentless container posture in Defender CSPM.
  • For Defender for Containers, use agentless discovery for Kubernetes or use the Defender sensor. For more information, see Enable the plan.
  • For Defender for Container Registries, there's no runtime coverage.

Next steps