Merge pull request #261971 from dcurwin/wi2-159239-aws-containers-dec27-2023

v-ccolin · web-flow · commit 813187136360 · 2023-12-31T08:21:52.000Z
AWS Agentless Container updates
diff --git a/articles/defender-for-cloud/TOC.yml b/articles/defender-for-cloud/TOC.yml
@@ -86,7 +86,7 @@
               href: tutorial-enable-container-aws.md
             - name: Protect your Google Cloud Platform (GCP) project containers
               href: tutorial-enable-container-gcp.md
-            - name: Enable Defender for Containers components
+            - name: Configure Defender for Containers components
               displayName: kubernetes, aks, acr, registries, k8s, arc, hybrid, on-premises,
                 azure arc, multicloud
               href: defender-for-containers-enable.md
diff --git a/articles/defender-for-cloud/defender-for-containers-enable.md b/articles/defender-for-cloud/defender-for-containers-enable.md
@@ -1,6 +1,6 @@
 ---
-title: Enable Microsoft Defender for Containers components
-description: Enable the container protections of Microsoft Defender for Containers
+title: Configure Microsoft Defender for Containers components
+description: Configure the container protections of Microsoft Defender for Containers
 ms.topic: how-to
 author: dcurwin
 ms.author: dacurwin
@@ -9,7 +9,7 @@ zone_pivot_groups: k8s-host
 ms.date: 06/29/2023
 ---
 
-# Enable Microsoft Defender for Containers components
+# Configure Microsoft Defender for Containers components
 
 Microsoft Defender for Containers is the cloud-native solution for securing your containers.
 
diff --git a/articles/defender-for-cloud/includes/defender-for-containers-enable-plan-eks.md b/articles/defender-for-cloud/includes/defender-for-containers-enable-plan-eks.md
@@ -6,10 +6,10 @@ ms.date: 12/11/2023
 ms.author: dacurwin
 author: dcurwin
 ---
-## Protect Amazon Elastic Kubernetes Service clusters
+## Enable the plan
 
 > [!IMPORTANT]
-> If you haven't already connected an AWS account, [connect your AWS accounts to Microsoft Defender for Cloud](../quickstart-onboard-aws.md).
+> If you haven't already connected an AWS account, [connect your AWS accounts to Microsoft Defender for Cloud](../tutorial-enable-container-aws.md).
 
 To protect your EKS clusters, enable the Containers plan on the relevant account connector:
 
@@ -18,21 +18,21 @@ To protect your EKS clusters, enable the Containers plan on the relevant account
 
     :::image type="content" source="../media/defender-for-kubernetes-intro/select-aws-connector.png" alt-text="Screenshot of Defender for Cloud's environment settings page showing an AWS connector.":::
 
-1. Set the toggle for the **Containers** plan to **On**.
+1. Verify that the toggle for the **Containers** plan is set to **On**.
 
     :::image type="content" source="../media/defender-for-kubernetes-intro/enable-containers-plan-on-aws-connector.png" alt-text="Screenshot of enabling Defender for Containers for an AWS connector.":::
 
 1. To change optional configurations for the plan, select **Settings**.
 
     :::image type="content" source="../media/tutorial-enable-containers-aws/containers-settings.png" alt-text="Screenshot of Defender for Cloud's environment settings page showing the settings for the Containers plan." lightbox="../media/tutorial-enable-containers-aws/containers-settings.png":::
 
-    - To send Kubernetes audit logs to Microsoft Defender, toggle the setting to **On.** To change the retention period for your audit logs, enter the required time frame.
+    - Defender for Containers requires control plane audit logs to provide [runtime threat protection](../defender-for-containers-introduction.md#run-time-protection-for-kubernetes-nodes-and-clusters). To send Kubernetes audit logs to Microsoft Defender, toggle the setting to **On.** To change the retention period for your audit logs, enter the required time frame.
 
         > [!NOTE]
         > If you disable this configuration, then the `Threat detection (control plane)` feature will be disabled. Learn more about [features availability](../supported-machines-endpoint-solutions-clouds-containers.md).
 
-    - To enable the **Agentless discovery for Kubernetes** feature, toggle the setting to **On**.
-    - To enable the **Agentless Container Vulnerability Assessment** feature, toggle the setting to **On**.
+    - [Agentless discovery for Kubernetes](../defender-for-containers-architecture.md#how-does-agentless-discovery-for-kubernetes-work) provides API-based discovery of your Kubernetes clusters. To enable the **Agentless discovery for Kubernetes** feature, toggle the setting to **On**.
+    - The [Agentless Container Vulnerability Assessment](../agentless-vulnerability-assessment-aws.md) provides vulnerability management for images stored in ECR and running images on your EKS clusters. To enable the **Agentless Container Vulnerability Assessment** feature, toggle the setting to **On**.
 
 1. Continue through the remaining pages of the connector wizard.
 
