articles/defender-for-cloud/defender-for-containers-introduction.md
17 additions & 7 deletions
@@ -2,7 +2,7 @@
2
2
title: Container security with Microsoft Defender for Cloud
3
3
description: Learn about Microsoft Defender for Containers
4
4
ms.topic: overview
5
-
ms.date: 08/01/2022
5
+
ms.date: 08/17/2022
6
6
---
7
7
8
8
# Overview of Microsoft Defender for Containers
@@ -55,20 +55,30 @@ You can learn more about [Kubernetes data plane hardening](kubernetes-workload-p
55
55
56
56
### Scanning images in ACR registries
57
57
58
-
Defender for Containers includes an integrated vulnerability scanner for scanning images in Azure Container Registry registries. The vulnerability scanner runs on an image:
58
+
Defender for Containers offers vulnerability scanning for images in Azure Container Registries (ACRs). Triggers for scanning an image include:
59
59
60
-
- When you push the image to your registry
61
-
- Weekly on any image that was pulled within the last 30
62
-
- When you import the image to your Azure Container Registry
63
-
- Continuously in specific situations
60
+
-**On push**: When an image is pushed in to a registry for storage, Defender for Containers automatically scans the image.
61
+
62
+
-**Recently pulled**: Weekly scans of images that have been pulled in the last 30 days.
63
+
64
+
-**On import**: When you import images into an ACR, Defender for Containers scans any supported images.
64
65
65
66
Learn more in [Vulnerability assessment](defender-for-containers-usage.md).
66
67
67
68
:::image type="content" source="./media/defender-for-containers/recommendation-acr-images-with-vulnerabilities.png" alt-text="Sample Microsoft Defender for Cloud recommendation about vulnerabilities discovered in Azure Container Registry (ACR) hosted images." lightbox="./media/defender-for-containers/recommendation-acr-images-with-vulnerabilities.png":::
68
69
69
70
### View vulnerabilities for running images
70
71
71
-
The recommendation `Running container images should have vulnerability findings resolved` shows vulnerabilities for running images by using the scan results from ACR registries and information on running images from the Defender agent. Images that are deployed from a non-ACR registry, will appear under the Not applicable tab.
72
+
Defender for Cloud gives its customers the ability to prioritize the remediation of vulnerabilities in images that are currently being used within their environment using the [Running container images should have vulnerability findings resolved](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/KubernetesRuntimeVisibilityRecommendationDetailsBlade/assessmentKey/41503391-efa5-47ee-9282-4eff6131462c/showSecurityCenterCommandBar~/false) recommendation.
73
+
74
+
Defender for Cloud is able to provide the recommendation, by correlating the inventory of your running containers that are collected by the Defender agent which is installed on your AKS clusters, with the vulnerability assessment scan of images that are stored in ACR. The recommendation then shows your running containers with the vulnerabilities associated with the images that are used by each container and provides you with vulnerability reports and remediation steps.
75
+
76
+
> [!NOTE]
77
+
> **Windows containers**: There is no Defender agent for Windows containers, the Defender agent is deployed to a Linux node running in the cluster, to retrieve the running container inventory for your Windows nodes.
78
+
>
79
+
> Images that aren't pulled from ACR for deployment in AKS won't be checked and will appear under the **Not applicable** tab.
80
+
>
81
+
> Images that have been deleted from their ACR registry, but are still running, won't be reported on only 30 days after their last scan occurred in ACR.
72
82
73
83
:::image type="content" source="media/defender-for-containers/running-image-vulnerabilities-recommendation.png" alt-text="Screenshot showing where the recommendation is viewable." lightbox="media/defender-for-containers/running-image-vulnerabilities-recommendation-expanded.png":::
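Review bot: the last line of the new note, `> Images that have been deleted from their ACR registry, but are still running, won't be reported on only 30 days after their last scan occurred in ACR.`, contradicts itself: "won't be reported on only 30 days after" reads as if reporting begins 30 days after the scan. If the intent is that findings for deleted images are kept for a limited time, say so directly, e.g. `will only be reported on for 30 days after their last scan in ACR`. Two smaller points in the same hunk: `pushed in to a registry` in the **On push** bullet should be `pushed into a registry`, and the **Windows containers** note is a comma splice (`There is no Defender agent for Windows containers, the Defender agent is deployed to a Linux node ...`) that should be split into two sentences. Also worth confirming: the removed bullet `Continuously in specific situations` has no counterpart in the new trigger list, so check that the continuous-scan trigger was dropped on purpose rather than lost in the rewrite.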
articles/defender-for-cloud/release-notes.md
14 additions & 5 deletions
@@ -2,7 +2,7 @@
2
2
title: Release notes for Microsoft Defender for Cloud
3
3
description: A description of what's new and changed in Microsoft Defender for Cloud
4
4
ms.topic: reference
5
-
ms.date: 08/14/2022
5
+
ms.date: 08/17/2022
6
6
---
7
7
8
8
# What's new in Microsoft Defender for Cloud?
@@ -20,8 +20,17 @@ To learn about *planned* changes that are coming soon to Defender for Cloud, see
20
20
21
21
Updates in August include:
22
22
23
+
-[Vulnerabilities for running images are now visible with Defender for Container on your Windows containers](#vulnerabilities-for-running-images-are-now-visible-with-defender-for-container-on-your-windows-containers)
23
24
-[Auto-deployment of Azure Monitor Agent (Preview)](#auto-deployment-of-azure-monitor-agent-preview)
24
25
26
+
### Vulnerabilities for running images are now visible with Defender for Container on your Windows containers
27
+
28
+
Defender for Container now allows you to view vulnerabilities for your running Windows containers.
29
+
30
+
When vulnerabilities are detected, Defender for Cloud shows the detected issues, and generates the following security recommendation [Running container images should have vulnerability findings resolved](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/KubernetesRuntimeVisibilityRecommendationDetailsBlade/assessmentKey/41503391-efa5-47ee-9282-4eff6131462c/showSecurityCenterCommandBar~/false).
31
+
32
+
Learn more about [viewing your vulnerabilities for running images](defender-for-containers-introduction.md#view-vulnerabilities-for-running-images).
33
+
25
34
### Auto-deployment of Azure Monitor Agent (Preview)
26
35
27
36
The [Azure Monitor Agent](../azure-monitor/agents/agents-overview.md) (AMA) collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud.
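Review bot: the new heading and its first sentence say `Defender for Container`, while the product is named `Defender for Containers` elsewhere in this file (for example `the Defender for Containers team` further down); the anchor link added to the August list repeats the singular form, so renaming the heading means updating that anchor in the same change. The entry also announces coverage for running Windows containers, but the introduction page it links to explains that there is no Defender agent for Windows containers and that the inventory for Windows nodes is retrieved via a Linux node in the cluster; one sentence stating that here would keep the two pages from appearing to conflict.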
@@ -39,9 +48,9 @@ Updates in July include:
39
48
-[Key Vault recommendations changed to "audit"](#key-vault-recommendations-changed-to-audit)
40
49
-[Deprecate API App policies for App Service](#deprecate-api-app-policies-for-app-service)
41
50
42
-
### General availability (GA) of the Cloud-native security agent for Kubernetes runtime protection
51
+
### General availability (GA) of the cloud-native security agent for Kubernetes runtime protection
43
52
44
-
We're excited to share that the Cloud-native security agent for Kubernetes runtime protection is now generally available (GA)!
53
+
We're excited to share that the cloud-native security agent for Kubernetes runtime protection is now generally available (GA)!
45
54
46
55
The production deployments of Kubernetes clusters continue to grow as customers continue to containerize their applications. To assist with this growth, the Defender for Containers team has developed a cloud-native Kubernetes oriented security agent.
47
56
@@ -189,7 +198,7 @@ You can now also group your alerts by resource group to view all of your alerts
189
198
190
199
Until now, the integration with Microsoft Defender for Endpoint (MDE) included automatic installation of the new [MDE unified solution](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution&preserve-view=true) for machines (Azure subscriptions and multicloud connectors) with Defender for Servers Plan 1 enabled, and for multicloud connectors with Defender for Servers Plan 2 enabled. Plan 2 for Azure subscriptions enabled the unified solution for Linux machines and Windows 2019 and 2022 servers only. Windows servers 2012R2 and 2016 used the MDE legacy solution dependent on Log Analytics agent.
191
200
192
-
Now, the new unified solution is available for all machines in both plans, for both Azure subscriptions and multi-cloud connectors. For Azure subscriptions with Servers Plan 2 that enabled MDE integration *after* June 20th 2022, the unified solution is enabled by default for all machines Azure subscriptions with the Defender for Servers Plan 2 enabled with MDE integration *before* June 20th 2022 can now enable unified solution installation for Windows servers 2012R2 and 2016 through the dedicated button in the Integrations page:
201
+
Now, the new unified solution is available for all machines in both plans, for both Azure subscriptions and multicloud connectors. For Azure subscriptions with Servers Plan 2 that enabled MDE integration *after* June 20th 2022, the unified solution is enabled by default for all machines Azure subscriptions with the Defender for Servers Plan 2 enabled with MDE integration *before* June 20th 2022 can now enable unified solution installation for Windows servers 2012R2 and 2016 through the dedicated button in the Integrations page:
193
202
194
203
:::image type="content" source="media/integration-defender-for-endpoint/enable-unified-solution.png" alt-text="The integration between Microsoft Defender for Cloud and Microsoft's EDR solution, Microsoft Defender for Endpoint, is enabled." lightbox="media/integration-defender-for-endpoint/enable-unified-solution.png":::
195
204
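Review bot: the rewritten line still runs two sentences together: `the unified solution is enabled by default for all machines Azure subscriptions with the Defender for Servers Plan 2 enabled ...`. Insert a period after `all machines` so that `Azure subscriptions with the Defender for Servers Plan 2 enabled with MDE integration *before* June 20th 2022 can now enable ...` stands as its own sentence; since this line is already being edited for `multicloud`, the punctuation fix belongs in the same change. `Windows servers 2012R2 and 2016` would also be clearer as `Windows Server 2012 R2 and 2016`, matching the unchanged context line above it.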
@@ -467,7 +476,7 @@ All of Microsoft's Defender for IoT device alerts are no longer visible in Micro
467
476
468
477
### Posture management and threat protection for AWS and GCP released for general availability (GA)
469
478
470
-
-**Defender for Cloud's CSPM features** extend to your AWS and GCP resources. This agentless plan assesses your multi cloud resources according to cloud-specific security recommendations that are included in your secure score. The resources are assessed for compliance using the built-in standards. Defender for Cloud's asset inventory page is a multicloud enabled feature that allows you to manage your AWS resources alongside your Azure resources.
479
+
-**Defender for Cloud's CSPM features** extend to your AWS and GCP resources. This agentless plan assesses your multicloud resources according to cloud-specific security recommendations that are included in your secure score. The resources are assessed for compliance using the built-in standards. Defender for Cloud's asset inventory page is a multicloud enabled feature that allows you to manage your AWS resources alongside your Azure resources.
471
480
472
481
-**Microsoft Defender for Servers** brings threat detection and advanced defenses to your compute instances in AWS and GCP. The Defender for Servers plan includes an integrated license for Microsoft Defender for Endpoint, vulnerability assessment scanning, and more. Learn about all of the [supported features for virtual machines and servers](supported-machines-endpoint-solutions-clouds-servers.md). Automatic onboarding capabilities allow you to easily connect any existing or new compute instances discovered in your environment.
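Review bot: the `multi cloud` to `multicloud` change is consistent with the rest of the release notes, but the same edited line still contains `a multicloud enabled feature`, which should be hyphenated as a compound modifier (`a multicloud-enabled feature`); worth folding into this change rather than leaving for a later pass.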