Commit f86f6b4

Merge pull request #262094 from dcurwin/wi-195470-enablement-method-jan1-2024
Add enablement method to support matrix
2 parents ba8cd04 + 21b2d18 commit f86f6b4

4 files changed: +51 -49 lines changed

articles/defender-for-cloud/common-questions-microsoft-defender-vulnerability-management.md

Lines changed: 1 addition & 1 deletion
@@ -54,7 +54,7 @@ There's no difference for coverage of language specific packages between the Qua
5454

5555
- [Full list of supported packages and their versions for Microsoft Defender Vulnerability Management](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management)
5656

57-
- [Full list of supported packages and their versions for Qualys](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys)
57+
- [Full list of supported packages and their versions for Qualys](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys-deprecated)
5858

5959
## Are there any other capabilities that are unique to the Microsoft Defender Vulnerability Management powered offering?
6060
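Review bot: The Qualys link at new line 57 now targets an anchor ending in `-deprecated`, but its visible text still reads "Full list of supported packages and their versions for Qualys". Consider marking the link text as deprecated too, so readers comparing the two offerings in this FAQ can see that the Qualys list belongs to a retired offering. The target heading lives in support-matrix-defender-for-containers.md, which is not among the hunks shown here, so confirm that the renamed heading generates exactly this anchor.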

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

Lines changed: 3 additions & 3 deletions
@@ -3,7 +3,7 @@ title: Vulnerability assessment for Azure powered by Qualys (Deprecated)
33
description: Learn how to use Defender for Containers to scan images in your Azure Container Registry to find vulnerabilities.
44
author: dcurwin
55
ms.author: dacurwin
6-
ms.date: 12/25/2023
6+
ms.date: 01/10/2024
77
ms.topic: how-to
88
ms.custom: ignite-2022, build-2023
99
---
@@ -30,9 +30,9 @@ In every subscription where this capability is enabled, all images stored in ACR
3030

3131
Container vulnerability assessment powered by Qualys has the following capabilities:
3232

33-
- **Scanning OS packages** - container vulnerability assessment can scan vulnerabilities in packages installed by the OS package manager in Linux. See the [full list of the supported OS and their versions](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys).
33+
- **Scanning OS packages** - container vulnerability assessment can scan vulnerabilities in packages installed by the OS package manager in Linux. See the [full list of the supported OS and their versions](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys-deprecated).
3434

35-
- **Language specific packages** – support for language specific packages and files, and their dependencies installed or copied without the OS package manager. See the [full list of supported languages](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys).
35+
- **Language specific packages** – support for language specific packages and files, and their dependencies installed or copied without the OS package manager. See the [full list of supported languages](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys-deprecated).
3636

3737
- **Image scanning in Azure Private Link** - Azure container vulnerability assessment provides the ability to scan images in container registries that are accessible via Azure Private Links. This capability requires access to trusted services and authentication with the registry. Learn how to [allow access by trusted services](/azure/container-registry/allow-access-trusted-services).
3838
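Review bot: The updated bullets at new lines 33 and 35 point to the identical anchor, although one promises the "full list of the supported OS and their versions" and the other the "full list of supported languages". While both links are being edited anyway, check whether the support matrix has separate subsections for each and link to those, or align the link text with what the shared section actually contains. This is also the third hand-edited copy of the same anchor string across two files in this commit, so a broken-link check on the build is worth running before merge.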

articles/defender-for-cloud/includes/defender-for-containers-enable-plan-aks.md

Lines changed: 1 addition & 18 deletions
@@ -39,24 +39,7 @@ By default, when enabling the plan through the Azure portal, [Microsoft Defender
3939
If you don't want to enable all capabilities of the plans, you can manually select which specific capabilities to enable by selecting **Edit configuration** for the **Containers** plan. Then, in the **Settings & monitoring** page, select the capabilities you want to enable.
4040
In addition, you can modify this configuration from the [Defender plans page](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/pricingTier) after initial configuration of the plan.
4141

42-
The following table provides detailed information on enablement method for each one of the capabilities:
43-
44-
| Domain | Feature | Description | Enablement method | Agents | Azure clouds availability |
45-
|--|--|--|--|--|--|
46-
| Security posture management | Agentless discovery for Kubernetes | Provides zero footprint, API-based discovery of your Kubernetes clusters, their configurations and deployments.| Enable **Agentless discovery on Kubernetes** toggle | Agentless | Azure commercial clouds |
47-
| Security posture management | Comprehensive inventory capabilities | Enables you to explore resources, pods, services, repositories, images, and configurations through [security explorer](..\how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) to easily monitor and manage your assets. | Enable **Agentless discovery on Kubernetes** toggle | Agentless | Azure commercial clouds |
48-
| Security posture management | Enhanced risk-hunting | Enables security admins to actively hunt for posture issues in their containerized assets through queries (built-in and custom) and [security insights](..\attack-path-reference.md#insights) in the [security explorer](..\how-to-manage-cloud-security-explorer.md). | Enable **Agentless discovery on Kubernetes** toggle | Agentless | Azure commercial clouds |
49-
| Security posture management | [Control plane hardening](..\defender-for-containers-architecture.md) | Continuously assesses the configurations of your clusters and compares them with the initiatives applied to your subscriptions. When it finds misconfigurations, Defender for Cloud generates security recommendations that are available on Defender for Cloud's Recommendations page. The recommendations let you investigate and remediate issues. | Activated with plan | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
50-
| Security posture management | [Kubernetes data plane hardening](..\kubernetes-workload-protections.md) | Protect workloads of your Kubernetes containers with best practice recommendations. | Enable **Azure Policy for Kubernetes** toggle | Azure policy agent| Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
51-
| Vulnerability assessment | Agentless vulnerability scan for registry images (powered by Qualys) | Vulnerability assessment for images in ACR | Activated with plan | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
52-
| Vulnerability assessment | Agentless vulnerability scan for running images (powered by Qualys) | Vulnerability assessment for running images in AKS | Activated with plan | Defender agent | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
53-
| Vulnerability assessment | Agentless registry scan (powered by Microsoft Defender Vulnerability Management) | Vulnerability assessment for images in ACR | Enable **Agentless container vulnerability assessment** toggle | Agentless | Commercial clouds |
54-
| Vulnerability assessment | Agentless/agent-based runtime (powered by Microsoft Defender Vulnerability Management)| Vulnerability assessment for running images in AKS | Enable **Agentless container vulnerability assessment** toggle | Agentless **OR** install Defender agent for shorter refresh rate | Commercial clouds |
55-
| Runtime threat protection | Control plane threat detection | Detection of suspicious activity for Kubernetes based on Kubernetes audit trail | Enabled with plan | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
56-
| Runtime threat protection | Workload threat detection | Detection of suspicious activity for Kubernetes for cluster level, node level, and workload level | Enable **Defender Agent in Azure** toggle **OR** deploy Defender agent on individual clusters | Defender agent | Commercial clouds |
57-
| Deployment & monitoring | Discovery of unprotected clusters | Discovering Kubernetes clusters missing Defender agents| Enabled with plan | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
58-
| Deployment & monitoring | Defender agent auto provisioning | Automatic deployment of Defender agent | Enable **Defender Agent in Azure** toggle | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
59-
| Deployment & monitoring | Azure Policy for Kubernetes auto provisioning | Automatic deployment of Azure policy agent for Kubernetes | Enable **Azure policy for Kubernetes** toggle | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
42+
For detailed information on the enablement method for each one the capabilities, see the [support matrix](/azure/defender-for-cloud/support-matrix-defender-for-containers#aws).
6043

6144
### Roles and permissions
6245
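Review bot: The replacement sentence at new line 42 links to the support matrix with the fragment `#aws`, but this file is the AKS include (defender-for-containers-enable-plan-aks.md) and the removed table had an "Azure clouds availability" column, so the fragment looks copied from the AWS variant and should point at the Azure section instead. The same line has a typo, "each one the capabilities", which should read "each one of the capabilities". The link also uses an absolute `/azure/defender-for-cloud/...` path while the other hunks in this commit link to the same file relatively as `support-matrix-defender-for-containers.md#...`; pick one form. Since 17 lines covering the enablement toggle and agent requirement per capability are deleted here, confirm that the support matrix now carries every row, including the Defender agent and Azure Policy toggles, before removing them from the enablement instructions.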
