more changes from Tomer

Author: David Curwin

articles/defender-for-cloud/defender-for-container-registries-introduction.md

@@ -9,6 +9,9 @@ ms.author: dacurwin
 ---
 # Introduction to Microsoft Defender for container registries (deprecated)
 
+> [!IMPORTANT]
+> We have started a public preview of Azure Vulnerability Assessment powered by MDVM. For more information see [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-container-registry-vulnerability-assessment.md).
+
 Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It's based on the open-source Docker Registry 2.0.
 
 To protect the Azure Resource Manager based registries in your subscription, enable **Microsoft Defender for container registries** at the subscription level. Defender for Cloud will then scan all images when they’re pushed to the registry, imported into the registry, or pulled within the last 30 days. You’ll be charged for every image that gets scanned – once per image.

articles/defender-for-cloud/disable-vulnerability-findings-containers.md

@@ -24,7 +24,7 @@ You can use a combination of any of the following criteria:
 - **Image digest** - Specify images for which vulnerabilities should be excluded based on the image digest. Separate multiple digests with a semicolon, for example: sha256:9b920e938111710c2768b31699aac9d1ae80ab6284454e8a9ff42e887fa1db31;sha256:ab0ab32f75988da9b146de7a3589c47e919393ae51bbf2d8a0d55dd92542451c
 - **OS version** - Specify images for which vulnerabilities should be excluded based on the image OS. Separate multiple versions with a semicolon, for example: ubuntu_linux_20.04;alpine_3.17
 - **Minimum Severity** - Select low, medium, high, or critical to exclude vulnerabilities less than and equal to the specified severity level.
-- **Fix status** - Select the option to exclude vulnerabilities based on their fix status. 
+- **Fix status** - Select the option to exclude vulnerabilities based on their fix status.
 
 Disable rules apply per recommendation, for example, to disable [CVE-2017-17512](https://github.com/advisories/GHSA-fc69-2v7r-7r95) both on the registry images and runtime images, the disable rule has to be configured in both places.
 
@@ -74,4 +74,3 @@ You can customize your vulnerability assessment experience by exempting manageme
 
 - Learn how to [view and remediate vulnerability assessment findings for registry images](view-and-remediate-vulnerability-assessment-findings.md).
 - Learn about [agentless container posture](concept-agentless-containers.md).
-

articles/defender-for-cloud/enable-vulnerability-assessment.md

@@ -25,12 +25,11 @@ ms.date: 07/20/2023
 
 A notification message pops up in the top right corner that will verify that the settings were saved successfully.
 
-## What are the extensions for Agentless Container Posture management?
+## How to enable runtime coverage
 
-There are two extensions that provide agentless CSPM functionality:
-
-- **Container registries vulnerability assessments**: Provides agentless containers registries vulnerability assessments. Recommendations are available based on the vulnerability assessment timeline. Learn more about [image scanning](agentless-container-registry-vulnerability-assessment.md).
-- **Agentless discovery for Kubernetes**: Provides API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup.
+- For Defender for CSPM, use Agentless Discovery for Kubernetes. For more information, see [Onboard Agentless Container posture in Defender CSPM](how-to-enable-agentless-containers.md).
+- For Defender for Containers, use an agent. For more information, see [Deploy the Defender profile in Azure](tutorial-enable-containers-azure.md#deploy-the-defender-profile-in-azure).
+- For Defender for Container Registries, there is no runtime coverage.
 
 ## Next Steps
 

articles/defender-for-cloud/how-to-enable-agentless-containers.md

@@ -20,7 +20,7 @@ Defender CSPM includes [two extensions](#what-are-the-extensions-for-agentless-c
 
 1. Select the subscription that's onboarded to the Defender CSPM plan, then select **Settings**.
 
-1. Ensure the **Agentless discovery for Kubernetes** and **Container registries vulnerability assessments** extensions are toggled to **On**.
+1. Ensure the  **Container registries vulnerability assessments** extension is toggled to **On**.
 
 1. Select **Continue**.
 

articles/defender-for-cloud/includes/registries-images-mdvm.md

@@ -0,0 +1,16 @@
+---
+ms.service: defender-for-cloud
+ms.custom: ignite-2022
+ms.topic: include
+ms.date: 07/25/2023
+ms.author: dacurwin
+author: dcurwin
+---
+
+## Registries and images - powered by MDVM
+
+| Aspect | Details |
+|--|--|
+| Registries and images | **Supported**<br> • ACR registries <br> • [ACR registries protected with Azure Private Link](/azure/container-registry/container-registry-private-link) (Private registries requires access to Trusted Services) <br> • Container images in Docker V2 format <br>  **Unsupported**<br>   • Super-minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images<br> • "Distroless" images that only contain an application and its runtime dependencies without a package manager, shell, or OS<br> is currently unsupported <br> • Images in [Open Container Initiative (OCI)](https://github.com/opencontainers/image-spec/blob/main/spec.md) <br> • Windows images<br>|
+| OS Packages | **Supported** <br> • Alpine Linux 3.12-3.16 <br> • Red Hat Enterprise Linux 6-9 <br> • CentOS 6-9<br> • Oracle Linux 6-9 <br> • Amazon Linux 1, 2 <br> • openSUSE Leap, openSUSE Tumbleweed <br> • SUSE Enterprise Linux 11-15 <br> • Debian GNU/Linux 7-12 <br> • Ubuntu 12.04-22.04 <br>  • Fedora 31-37<br> • Mariner 1-2|
+| Language specific packages <br><br>  | **Supported** <br> • Python <br> • Node.js <br> • .NET <br> • JAVA <br> • Go |

articles/defender-for-cloud/media/concept-agentless-containers/settings-continue.png

@@ -24,13 +24,7 @@ Review the requirements on this page before setting up [agentless containers pos
 | Clouds:    | :::image type="icon" source="./media/icons/yes-icon.png"::: Azure Commercial clouds<br> :::image type="icon" source="./media/icons/no-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure China 21Vianet<br>:::image type="icon" source="./media/icons/no-icon.png"::: Connected AWS accounts<br>:::image type="icon" source="./media/icons/no-icon.png"::: Connected GCP accounts         |
 | Permissions | You need to have access as a:<br><br> - Subscription Owner, **or** <br> - User Access Admin and Security Admin permissions for the Azure subscription used for onboarding |
 
-## Registries and images - powered by MDVM
-
-| Aspect | Details |
-|--|--|
-| Registries and images | **Supported**<br> • ACR registries <br> • [ACR registries protected with Azure Private Link](../container-registry/container-registry-private-link.md) (Private registries requires access to Trusted Services) <br> • Container images in Docker V2 format <br>  **Unsupported**<br>   • Super-minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images<br> • "Distroless" images that only contain an application and its runtime dependencies without a package manager, shell, or OS<br> is currently unsupported <br> • Images in [Open Container Initiative (OCI)](https://github.com/opencontainers/image-spec/blob/main/spec.md) <br> • Windows images<br>|
-| OS Packages | **Supported** <br> • Alpine Linux 3.12-3.16 <br> • Red Hat Enterprise Linux 6-9 <br> • CentOS 6-9<br> • Oracle Linux 6-9 <br> • Amazon Linux 1, 2 <br> • openSUSE Leap, openSUSE Tumbleweed <br> • SUSE Enterprise Linux 11-15 <br> • Debian GNU/Linux 7-12 <br> • Ubuntu 12.04-22.04 <br>  • Fedora 31-37<br> • Mariner 1-2|
-| Language specific packages <br><br>  | **Supported** <br> • Python <br> • Node.js <br> • .NET <br> • JAVA <br> • Go |
+[!INCLUDE [Registries and images support powered by MDVM](./includes/registries-images-mdvm.md)]
 
 ## Prerequisites
 

articles/defender-for-cloud/support-agentless-containers-posture.md

@@ -42,6 +42,8 @@ This article summarizes support information for the [Defender for Containers pla
 | OS Packages | **Supported** <br> • Alpine Linux 3.12-3.16 <br> • Red Hat Enterprise Linux 6, 7, 8 <br> • CentOS 6, 7 <br> • Oracle Linux 6, 7, 8 <br> • Amazon Linux 1, 2 <br> • openSUSE Leap 42, 15 <br> • SUSE Enterprise Linux 11, 12, 15 <br> • Debian GNU/Linux wheezy, jessie, stretch, buster, bullseye <br> • Ubuntu 10.10-22.04 <br> • FreeBSD 11.1-13.1  <br> • Fedora 32, 33, 34, 35|
 | Language specific packages (Preview) <br><br> (**Only supported for Linux images**) | **Supported** <br> • Python <br> • Node.js <br> • .NET <br> • JAVA <br> • Go |
 
+[!INCLUDE [Registries and images support powered by MDVM](./includes/registries-images-mdvm.md)]
+
 ### Kubernetes distributions and configurations
 
 | Aspect | Details |

articles/defender-for-cloud/support-matrix-defender-for-containers.md

@@ -11,7 +11,7 @@ ms.date: 07/11/2023
 
 Defender for Cloud gives its customers the ability to prioritize the remediation of vulnerabilities in images that are currently being used within their environment using the [Running container images should have vulnerability findings resolved](https://portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/KubernetesRuntimeVisibilityRecommendationDetailsBlade/assessmentKey/41503391-efa5-47ee-9282-4eff6131462ce) recommendation.
 
-To provide findings for the recommendation, Defender CSPM uses [agentless container registry vulnerability assessment](agentless-container-registry-vulnerability-assessment.md) to create a full inventory of your Kubernetes clusters and their workloads and correlates that inventory with the [agentless container registry vulnerability assessment](agentless-container-registry-vulnerability-assessment.md). The recommendation shows your running containers with the vulnerabilities associated with the images that are used by each container and provides vulnerability reports and remediation steps.
+To provide findings for the recommendation, Defender CSPM uses [agentless container registry vulnerability assessment](agentless-container-registry-vulnerability-assessment.md) or the [Defender agent](tutorial-enable-containers-azure.md#deploy-the-defender-profile-in-azure) to create a full inventory of your K8s clusters and their workloads and correlates that inventory with the [container vulnerability assessment powered by MDVM](agentless-container-registry-vulnerability-assessment.md). The recommendation shows your running containers with the vulnerabilities associated with the images that are used by each container and provides vulnerability reports and remediation steps.
 
 Defender for Cloud presents the findings and related information as recommendations, including related information such as remediation steps and relevant CVEs. You can view the identified vulnerabilities for one or more subscriptions, or for a specific resource.
 

articles/defender-for-cloud/view-and-remediate-vulnerabilities-for-images-running-on-aks.md

@@ -18,24 +18,24 @@ The resources are grouped into tabs:
 
 First review and remediate vulnerabilities exposed via [attack paths](how-to-manage-attack-path.md), as they pose the greatest risk to your security posture; then use the following procedures to view, remediate, prioritize, and monitor vulnerabilities for your containers.
 
-## View vulnerabilities on a specific container registry 
+## View vulnerabilities on a specific container registry
 
 1. Open the **Recommendations** page, using the **>** arrow to open the sub-levels. If issues were found, you'll see the recommendation [Container registry images should have vulnerability findings resolved (powered by MDVM)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5). Select the recommendation.
 
-    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png" alt-text="Screenshot showing the line for recommendation container registry images should have vulnerability findings resolved." lightbox="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png"::: 
+    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png" alt-text="Screenshot showing the line for recommendation container registry images should have vulnerability findings resolved." lightbox="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png":::
 
 1. The recommendation details page opens with additional information. This information includes the list of registries with vulnerable images ("affected resources") and the remediation steps. Select the affected registry.
 
     :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-registry.png" alt-text="Screenshot showing the recommendation details and affected registries." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-registry.png":::
 
-1. This opens the registry details with a list of repositories in it that have vulnerable images. Select the affected repository to see the images in it that are vulnerable. 
+1. This opens the registry details with a list of repositories in it that have vulnerable images. Select the affected repository to see the images in it that are vulnerable.
 
     :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-repo.png" alt-text="Screenshot showing where to select the specific repository." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-repo.png":::
 
-1. The repository details page opens. It lists all vulnerable images on that repository with distribution of the severity of vulnerabilities per image. Select the unhealthy image to see the vulnerabilities. 
+1. The repository details page opens. It lists all vulnerable images on that repository with distribution of the severity of vulnerabilities per image. Select the unhealthy image to see the vulnerabilities.
+
+    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-unhealthy-image.png" alt-text="Screenshot showing where to select the unhealthy image." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-unhealthy-image.png":::
 
-    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-unhealthy-image.png" alt-text="Screenshot showing where to select the unhealthy image." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-unhealthy-image.png"::: 
-    
 1. The list of vulnerabilities for the selected image opens. To learn more about a finding, select the finding.
 
     :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-image-finding.png" alt-text="Screenshot showing the list of findings on the specific image." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-image-finding.png":::
@@ -48,11 +48,11 @@ First review and remediate vulnerabilities exposed via [attack paths](how-to-man
 
 1. Open the **Recommendations** page. If issues were found, you'll see the recommendation [Container registry images should have vulnerability findings resolved (powered by MDVM)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5). Select the recommendation.
 
-    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png" alt-text="Screenshot showing the line for recommendation container registry images should have vulnerability findings resolved." lightbox="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png"::: 
+    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png" alt-text="Screenshot showing the line for recommendation container registry images should have vulnerability findings resolved." lightbox="media/view-and-remediate-vulnerability-assessment-findings/open-recommendations-page.png":::
 
 1. The recommendation details page opens with additional information. This information includes the list of vulnerabilities impacting the images. Select the specific vulnerability.
 
-    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-specific-vulnerability.png" alt-text="Screenshot showing the list of vulnerabilities impacting the images." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-specific-vulnerability.png"::: 
+    :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-specific-vulnerability.png" alt-text="Screenshot showing the list of vulnerabilities impacting the images." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-specific-vulnerability.png":::
 
 1. The vulnerability finding details pane opens. This pane includes a detailed description of the vulnerability, images affected by that vulnerability, and links to external resources to help mitigate the threats, affected resources, and information on the software version that contributes to [resolving the vulnerability](#remediate-vulnerabilities).
 
@@ -62,17 +62,16 @@ First review and remediate vulnerabilities exposed via [attack paths](how-to-man
 
 Use these steps to remediate each of the affected images found either in a specific cluster or for a specific vulnerability:
 
-1. Follow the steps in the remediation section of the recommendation pane. 
-1. When you've completed the steps required to remediate the security issue, replace each affected image in your registry or replace each affected image for a specific vulnerability: 
+1. Follow the steps in the remediation section of the recommendation pane.
+1. When you've completed the steps required to remediate the security issue, replace each affected image in your registry or replace each affected image for a specific vulnerability:
     1. Build a new image, (including updates for each of the packages) that resolves the vulnerability according to the remediation details.
     1. Push the updated image to trigger a scan; it may take up to 24 hours for the previous image to be removed from the results, and for the new image to be included in the results.
-    1.Delete the vulnerable image from the registry. 
-
+    1. Delete the vulnerable image from the registry.
 
-1. Check the recommendations page for the recommendation [Container registry images should have vulnerability findings resolved (powered by MDVM)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5). 
-If the recommendation still appears and the image you've handled still appears in the list of vulnerable images, check the remediation steps again. 
+1. Check the recommendations page for the recommendation [Container registry images should have vulnerability findings resolved (powered by MDVM)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5).
+If the recommendation still appears and the image you've handled still appears in the list of vulnerable images, check the remediation steps again.
 
-## Next Steps 
+## Next steps
 
 - Learn how to [view and remediate vulnerabilities for images running on Azure Kubernetes clusters](view-and-remediate-vulnerabilities-for-images-running-on-aks.md).
 - Learn more about the Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).