last sync: 2024-Oct-07 17:51:17 UTC

Configure Azure Kubernetes Service clusters to enable Defender profile

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Configure Azure Kubernetes Service clusters to enable Defender profile
Id: 64def556-fbad-4622-930e-72d1d5589bf5
Version: 4.3.0
Versioning: Versions supported for Versioning: 4 (4.0.4, 4.1.0, 4.2.0, 4.3.0)
Category: Kubernetes
Description: Microsoft Defender for Containers provides cloud-native Kubernetes security capabilities including environment hardening, workload protection, and run-time protection. When you enable the SecurityProfile.Defender on your Azure Kubernetes Service cluster, an agent is deployed to your cluster to collect security event data. Learn more about Microsoft Defender for Containers: https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks.
Mode: Indexed
Type: BuiltIn
Preview: False
Deprecated: False
Effect (default): DeployIfNotExists
Effect (allowed): DeployIfNotExists, Disabled
RBAC role(s)

| Role Name | Role Id |
|---|---|
| Kubernetes Agent Operator | 5e93ba01-8f92-4c7a-b12a-801e3df23824 |
| Defender Kubernetes Agent Operator | 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 |
Rule aliases
THEN-ExistenceCondition (1)
Alias: Microsoft.ContainerService/managedClusters/securityProfile.defender.securityMonitoring.enabled
Namespace: Microsoft.ContainerService
ResourceType: managedClusters
Path: properties.securityProfile.azureDefender.enabled
PathIsDefault: False
DefaultPath: properties.securityProfile.defender.securityMonitoring.enabled
Modifiable: False
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (4)
Microsoft.ContainerService/ManagedClusters
Microsoft.OperationalInsights/workspaces
Microsoft.Resources/deployments
Microsoft.Resources/resourceGroups
Compliance
The following 1 compliance controls are associated with this Policy definition 'Configure Azure Kubernetes Service clusters to enable Defender profile' (64def556-fbad-4622-930e-72d1d5589bf5)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found n/a n/a 63
Initiatives usage

| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| [Deprecated]: Deploy Microsoft Defender for Cloud configuration | Deploy-MDFC-Config | Security Center | Deprecated | ALZ |
| Deploy Microsoft Defender for Cloud configuration | Deploy-MDFC-Config_20240319 | Security Center | GA | ALZ |
| Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn |
History

| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2024-08-20 18:21:51 | change | Minor (4.2.0 > 4.3.0) |
| 2024-06-10 18:18:08 | change | Minor (4.1.0 > 4.2.0) |
| 2024-02-27 19:10:20 | change | Minor (4.0.4 > 4.1.0) |
| 2023-05-26 17:43:09 | change | Patch (4.0.3 > 4.0.4) |
| 2023-05-01 17:41:52 | change | Patch (4.0.2 > 4.0.3) |
| 2023-03-17 18:44:06 | change | Patch (4.0.1 > 4.0.2) |
| 2023-01-13 18:06:06 | change | Patch (4.0.0 > 4.0.1) |
| 2022-07-26 16:32:46 | change | Major (3.1.1 > 4.0.0) |
| 2022-06-24 19:15:47 | change | Patch, old suffix: preview (3.1.0-preview > 3.1.1) |
| 2022-06-07 16:30:19 | change | Minor, suffix remains equal (3.0.3-preview > 3.1.0-preview) |
| 2022-04-01 20:29:14 | change | Patch, suffix remains equal (3.0.2-preview > 3.0.3-preview) |
| 2022-03-25 18:52:24 | change | Patch, suffix remains equal (3.0.1-preview > 3.0.2-preview) |
| 2022-03-18 17:53:47 | change | Major, suffix remains equal (2.0.0-preview > 3.0.1-preview) |
| 2022-03-11 18:16:48 | change | Major, suffix remains equal (1.1.0-preview > 2.0.0-preview) |
| 2021-11-12 16:23:07 | change | Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| 2021-08-23 14:26:16 | add | 64def556-fbad-4622-930e-72d1d5589bf5 |