last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

Configure Azure Kubernetes Service clusters to enable Defender profile

Name Configure Azure Kubernetes Service clusters to enable Defender profile
Azure Portal
Id 64def556-fbad-4622-930e-72d1d5589bf5
Version 4.0.4
details on versioning
Category Kubernetes
Microsoft docs
Description Microsoft Defender for Containers provides cloud-native Kubernetes security capabilities including environment hardening, workload protection, and run-time protection. When you enable the SecurityProfile.Defender on your Azure Kubernetes Service cluster, an agent is deployed to your cluster to collect security event data. Learn more about Microsoft Defender for Containers: https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC
Role(s)
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Rule
Aliases
THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/securityProfile.defender.securityMonitoring.enabled Microsoft.ContainerService managedClusters properties.securityProfile.defender.securityMonitoring.enabled false
Rule
ResourceTypes
IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (4)
Microsoft.ContainerService/ManagedClusters
Microsoft.OperationalInsights/workspaces
Microsoft.Resources/deployments
Microsoft.Resources/resourceGroups
Compliance Not a Compliance control
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-05-26 17:43:09 change Patch (4.0.3 > 4.0.4) *changes on text case sensitivity are not tracked
2023-05-01 17:41:52 change Patch (4.0.2 > 4.0.3) *changes on text case sensitivity are not tracked
2023-03-17 18:44:06 change Patch (4.0.1 > 4.0.2) *changes on text case sensitivity are not tracked
2023-01-13 18:06:06 change Patch (4.0.0 > 4.0.1) *changes on text case sensitivity are not tracked
2022-07-26 16:32:46 change Major (3.1.1 > 4.0.0)
2022-06-24 19:15:47 change Patch, old suffix: preview (3.1.0-preview > 3.1.1)
2022-06-07 16:30:19 change Minor, suffix remains equal (3.0.3-preview > 3.1.0-preview)
2022-04-01 20:29:14 change Patch, suffix remains equal (3.0.2-preview > 3.0.3-preview)
2022-03-25 18:52:24 change Patch, suffix remains equal (3.0.1-preview > 3.0.2-preview)
2022-03-18 17:53:47 change Major, suffix remains equal (2.0.0-preview > 3.0.1-preview)
2022-03-11 18:16:48 change Major, suffix remains equal (1.1.0-preview > 2.0.0-preview)
2021-11-12 16:23:07 change Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
2021-08-23 14:26:16 add 64def556-fbad-4622-930e-72d1d5589bf5
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
Deploy Microsoft Defender for Cloud configuration Deploy-MDFC-Config Security Center GA ALZ
JSON