Merge pull request #191564 from ElazarK/disable-all-auto

Update Containers documentation with the scenario of disabling all auto provisioning configurations

Author: PRMerger14

articles/defender-for-cloud/defender-for-containers-enable.md

@@ -3,7 +3,7 @@ title: How to enable Microsoft Defender for Containers in Microsoft Defender for
 description: Enable the container protections of Microsoft Defender for Containers
 ms.topic: overview
 zone_pivot_groups: k8s-host
-ms.date: 02/28/2022
+ms.date: 03/15/2022
 ---
 # Enable Microsoft Defender for Containers
 

articles/defender-for-cloud/includes/defender-for-containers-enable-plan-aks.md

@@ -33,6 +33,11 @@ ms.author: memildin
     - Azure Kubernetes Service profile - [Azure Kubernetes Service clusters should have Defender profile enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/56a83a6e-c417-42ec-b567-1e6fcb3d09a9)
     - Azure Arc-enabled Kubernetes extension - [Azure Arc-enabled Kubernetes clusters should have the Defender extension installed](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/3ef9848c-c2c8-4ff3-8b9c-4c8eb8ddfce6)
 
+    > [!Note]
+    >Microsoft Defender for Containers is configured to defend all of your clouds automatically. When you install all of the required prerequisites and enable all of the auto provisioning capabilities.
+    >
+    > If you choose to disable all of the auto provision configuration options, no agents, or components will be deployed to your clusters. Protection will be limited to the Agentless features only. Learn which features are Agentless in the [availability section](../supported-machines-endpoint-solutions-clouds-containers.md) for Defender for Containers. 
+
 ## Deploy the Defender profile
 
 You can enable the Defender for Containers plan and deploy all of the relevant components from the Azure portal, the REST API, or with a Resource Manager template. For detailed steps, select the relevant tab.

articles/defender-for-cloud/includes/defender-for-containers-enable-plan-eks.md

@@ -21,10 +21,13 @@ To protect your EKS clusters, enable the Containers plan on the relevant account
 
     :::image type="content" source="../media/defender-for-kubernetes-intro/enable-containers-plan-on-aws-connector.png" alt-text="Screenshot of enabling Defender for Containers for an AWS connector.":::
 
-1. Optionally, to change the retention period for your audit logs, select **Configure**, enter the required timeframe, and select **Save**.
+1. (Optional) To change the retention period for your audit logs, select **Configure**, enter the required timeframe, and select **Save**.
 
     :::image type="content" source="../media/defender-for-kubernetes-intro/adjust-eks-logs-retention.png" alt-text="Screenshot of adjusting the retention period for EKS control pane logs." lightbox="../media/defender-for-kubernetes-intro/adjust-eks-logs-retention.png":::
 
+    > [!Note]
+    > If you disable this configuration, then the `Threat detection (control plane)` feature will be disabled. Learn more about [features availability](../supported-machines-endpoint-solutions-clouds-containers.md).
+
 1. Continue through the remaining pages of the connector wizard.
 
 1. Azure Arc-enabled Kubernetes, the Defender extension, and the Azure Policy extension should be installed and running on your EKS clusters. There are 2 dedicated Defender for Cloud recommendations to install these extensions (and Azure Arc if necessary):

articles/defender-for-cloud/quickstart-onboard-aws.md

@@ -2,7 +2,7 @@
 title: Connect your AWS account to Microsoft Defender for Cloud
 description: Defend your AWS resources with Microsoft Defender for Cloud
 ms.topic: quickstart
-ms.date: 03/10/2022
+ms.date: 03/15/2022
 zone_pivot_groups: connect-aws-accounts
 ms.custom: mode-other
 ---
@@ -142,6 +142,9 @@ Additional extensions should be enabled on Arc-connected machines. These extensi
     > [!Note] 
     > Azure Arc-enabled Kubernetes, the Defender Arc extension, and the Azure Policy Arc extension should be installed. Use the dedicated Defender for Cloud recommendations to deploy the extensions (and Arc, if necessary) as explained in [Protect Amazon Elastic Kubernetes Service clusters](defender-for-containers-enable.md?tabs=defender-for-container-eks).
 
+
+    - (Optional) Select **Configure**, to edit the configuration as required. If you choose to disable this configuration, the `Threat detection (control plane)` feature will be disabled. Learn more about the [feature availability](supported-machines-endpoint-solutions-clouds-containers.md).
+
 1. Select **Next: Configure access**.
 
 1. Download the CloudFormation template.

articles/defender-for-cloud/quickstart-onboard-gcp.md

@@ -186,6 +186,8 @@ Microsoft Defender for Containers brings threat detection, and advanced defences
     - Defender for Cloud recommendations, for per cluster installation, which will appear on the Microsoft Defender for Cloud's Recommendations page. Learn how to [deploy the solution to specific clusters](defender-for-containers-enable.md?tabs=defender-for-container-gke#deploy-the-solution-to-specific-clusters).
     - Manual installation for [Arc-enabled Kubernetes](../azure-arc/kubernetes/quickstart-connect-cluster.md), and [extensions](../azure-arc/kubernetes/extensions.md).
 
+If you choose to disable all of available configuration options, no agents, or components will be deployed to your clusters. Learn more about the [features availability](supported-machines-endpoint-solutions-clouds-containers.md).
+
 **To configure the Containers plan**:
 
 1. Follow the steps to [Connect your GCP project](#connect-your-gcp-project).