Defender for Containers deployment overview - Microsoft Defender for Cloud (original) (raw)
Microsoft Defender for Containers provides threat protection, vulnerability assessment, and security posture management for Kubernetes clusters across cloud environments through Microsoft Defender for Cloud.
Defender for Containers is enabled and deployed differently depending on the Kubernetes environment. Azure Kubernetes Service (AKS) uses Azure-native integrations, while Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE) rely on multicloud connectors, Azure Arc-enabled Kubernetes, and environment-specific components.
- Azure Kubernetes Service (AKS)
- Amazon Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
- Arc-enabled Kubernetes
Microsoft Defender for Containers extends security monitoring and protection to Azure Kubernetes Service (AKS) clusters through Microsoft Defender for Cloud. It helps security and DevOps teams gain visibility into container image vulnerabilities, runtime activity, and Kubernetes configuration risks in Azure environments.
Integration with Azure
Defender for Containers integrates natively with Azure services to protect AKS clusters. When enabled on an Azure subscription, the solution:
- Discovers AKS clusters in the subscription
- Deploys Defender for Containers components by using Azure-managed integrations
- Assesses container images stored in Azure Container Registry (ACR) for vulnerabilities
- Collects runtime security signals from AKS clusters
- Generates security recommendations based on observed configuration and posture
- Surfaces alerts that integrate with Microsoft security tooling
The integration is designed to operate using Azure-native capabilities and doesn't require inbound connectivity to AKS clusters.
Note
AKS control plane audit logs are collected through Azure-managed control plane integration. Defender for Containers doesn’t rely on Kubernetes-native audit log pipelines or require you to enable audit logging in the cluster.
Key capabilities
Defender for Containers provides the following capabilities for AKS environments:
- Container image vulnerability assessment for images stored in Azure Container Registry (ACR)
- Threat detection and alerting based on runtime signals collected from AKS nodes, workloads, and Kubernetes audit logs
- Security posture insights for Kubernetes clusters and workloads, aligned with Kubernetes and Azure security best practices
Note
Available signals and detections depend on cluster configuration and enabled components.
View your current coverage
Defender for Cloud provides access to workbooks through Azure workbooks. Workbooks are customizable reports that help you understand your security posture.
The coverage workbook shows which Defender for Cloud plans and components are enabled across your subscriptions and connected environments.
Pricing
Defender for Containers is billed as part of Microsoft Defender for Cloud. Pricing depends on the enabled components and the number of protected resources.
For pricing details, see Microsoft Defender for Cloud pricing.