articles/defender-for-cloud/kubernetes-workload-protections.md
5 additions & 5 deletions
@@ -5,7 +5,7 @@ ms.topic: how-to
5
5
author: dcurwin
6
6
ms.author: dacurwin
7
7
ms.custom: ignite-2022
8
-
ms.date: 07/10/2023
8
+
ms.date: 07/11/2023
9
9
---
10
10
11
11
# Protect your Kubernetes data plane hardening
@@ -28,7 +28,7 @@ Microsoft Defender for Cloud includes a bundle of recommendations that are avail
28
28
29
29
You can enable the Azure policy for Kubernetes by one of two ways:
30
30
- Enable for all current and future clusters using plan/connector settings
31
-
-[Enabling for Azure subscriptions or on-prem](#enabling-for-azure-subscriptions-or-on-prem)
31
+
-[Enabling for Azure subscriptions or on-premises](#enabling-for-azure-subscriptions-or-on-premises)
32
32
-[Enabling for GCP projects](#enabling-for-gcp-projects)
33
33
-[Enable for existing clusters using recommendations (specific clusters or all clusters)](#manually-deploy-the-add-on-to-clusters-using-recommendations-on-specific-clusters).
34
34
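Review bot: The context sentence on line 29, "You can enable the Azure policy for Kubernetes by one of two ways", was left untouched by this wording pass: it lowercases "policy" although the setting is quoted as "Azure Policy for Kubernetes" further down, and "by one of two ways" should read "in one of two ways". The updated link target on line 31 does match the heading as renamed on line 44, so the in-page link itself stays consistent.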
@@ -41,7 +41,7 @@ You can enable the Azure policy for Kubernetes by one of two ways:
41
41
> [!NOTE]
42
42
> Enablement for AWS via the connector is not supported due to a limitation in EKS that requires the cluster admin to add permissions for a new IAM role on the cluster itself.
43
43
44
-
#### Enabling for Azure subscriptions or on-prem
44
+
#### Enabling for Azure subscriptions or on-premises
45
45
46
46
When you enable Microsoft Defender for Containers, the "Azure Policy for Kubernetes" setting is enabled by default for the Azure Kubernetes Service, and for Azure Arc-enabled Kubernetes clusters in the relevant subscription. If you disable the setting on initial configuration you can enable it afterwards manually.
47
47
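Review bot: Renaming the heading on line 44 changes its generated anchor from `#enabling-for-azure-subscriptions-or-on-prem` to `#enabling-for-azure-subscriptions-or-on-premises`, and this commit only updates the single in-file link on line 31. Search the other articles for links to the old anchor and update them in the same change, since a link to an anchor that no longer exists stops pointing at this section. The context sentence on line 46 would also read better with a comma after "initial configuration".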
@@ -67,7 +67,7 @@ If you disabled the "Azure Policy for Kubernetes" settings under the containers
67
67
68
68
When you enable Microsoft Defender for Containers on a GCP connector, the "Azure Policy Extension for Azure Arc" setting is enabled by default for the Google Kubernetes Engine in the relevant project. If you disable the setting on initial configuration you can enable it afterwards manually.
69
69
70
-
If you disabled the "Azure Policy Extension for Azure Arc" settings under the GCP connector, you can follow the below steps to to [enable it on your GCP connector](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-enable?tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api&pivots=defender-for-container-gke#protect-google-kubernetes-engine-gke-clusters).
70
+
If you disabled the "Azure Policy Extension for Azure Arc" settings under the GCP connector, you can follow the below steps to [enable it on your GCP connector](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-enable?tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api&pivots=defender-for-container-gke#protect-google-kubernetes-engine-gke-clusters).
71
71
72
72
### Manually deploy the add-on to clusters using recommendations on specific clusters
73
73
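Review bot: The corrected sentence on line 70 still says "follow the below steps" while the link sends the reader to a different article, so there are no steps below to follow; reword it to something like "you can enable it on your GCP connector" and keep the link on that phrase. The target is also an absolute https://learn.microsoft.com URL into the same defender-for-cloud docset with a long `tabs` query string, so consider a relative link to that article and check whether every tab value in the query is actually needed to reach the GKE section.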
@@ -90,7 +90,7 @@ Once enabled, the hardening recommendation becomes available (some of the recomm
90
90
-**AWS** - `EKS clusters should have Microsoft Defender's extension for Azure Arc installed`
91
91
-**GCP** - `GKE clusters should have Microsoft Defender's extension for Azure Arc installed`
92
92
93
-
:::image type="content" source="./media/kubernetes-workload-protections/azure-kubernetes-service-clusters-recommendation.png" alt-text="Screenshot showing the recommendation **Azure Kubernetes Service clusters should have the Azure Policy add-on for Kubernetes installed**." lightbox="media/kubernetes-workload-protections/azure-kubernetes-service-clusters-recommendation.png":::
93
+
:::image type="content" source="./media/kubernetes-workload-protections/azure-kubernetes-service-clusters-recommendation.png" alt-text="Screenshot showing the recommendation "Azure Kubernetes Service clusters should have the Azure Policy add-on for Kubernetes installed"." lightbox="media/kubernetes-workload-protections/azure-kubernetes-service-clusters-recommendation.png":::
94
94
95
95
> [!TIP]
96
96
> The recommendation is included in five different security controls and it doesn't matter which one you select in the next step.
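Review bot: The new alt-text on line 93 nests unescaped double quotes inside a double-quoted attribute (alt-text="Screenshot showing the recommendation "Azure Kubernetes Service clusters ..."."), so the attribute value ends right after "recommendation" and the recommendation name falls outside the alt text. Use single quotes around the recommendation name, or drop the inner quotes entirely, and confirm the image renders in a preview build. The `source` path starts with `./media/` while `lightbox` starts with `media/`; pick one form for both.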