This article describes how to enable Microsoft Defender for Containers on Arc-enabled Kubernetes clusters by using programmatic methods.
Tip
For Azure portal deployment instructions, see Deploy Defender for Containers on Arc-enabled Kubernetes using Azure portal.
Prerequisites
Additionally, you need:
- Azure CLI with the k8s-extension extension
- kubectl configured to access your cluster
Connect your cluster to Azure Arc
Before deploying the Defender sensor, ensure your Kubernetes cluster is connected to Azure Arc. For instructions, see Connect an existing Kubernetes cluster to Azure Arc.
Enable Defender for Containers
To enable the Defender for Containers plan on your subscription, see Enable Microsoft Defender for Cloud. You can enable the plan through the Azure portal, REST API, or Azure Policy.
Deploy the Defender sensor
After enabling the plan and connecting your cluster to Azure Arc, deploy the Defender sensor extension:
az k8s-extension create \
--name microsoft.azuredefender.kubernetes \
--cluster-type connectedClusters \
--cluster-name <cluster-name> \
--resource-group <resource-group> \
--extension-type microsoft.azuredefender.kubernetes \
--configuration-settings \
logAnalyticsWorkspaceResourceID="/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>" \
auditLogPath="/var/log/kube-apiserver/audit.log"
Deploy the Azure Policy extension
To enable Azure Policy for Kubernetes on Arc-enabled clusters:
az k8s-extension create \
--name azure-policy \
--cluster-type connectedClusters \
--cluster-name <cluster-name> \
--resource-group <resource-group> \
--extension-type Microsoft.PolicyInsights
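The two `az k8s-extension create` commands above are easy to get wrong when typed by hand: a malformed workspace resource ID is only rejected after the extension resource has been created, and a "create" that returns does not mean the sensor is actually running. The script below is an added example, not code from the Microsoft documentation page or the Azure CLI itself. It wraps both deployment commands (sensor and Azure Policy) in functions that validate inputs and render the full command for review, and adds a post-deployment check that reads the extension's provisioningState and lists the sensor pods. The function names, the cluster and resource-group values, and the assumption that the Defender sensor runs in the `mdc` namespace are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Microsoft docs page): deploy the Defender sensor and
# Azure Policy extensions on an Arc-enabled cluster with input validation and a
# post-deployment state check. Assumes az CLI with the k8s-extension extension,
# kubectl configured for the cluster, and (assumption) the sensor namespace `mdc`.

# Check the shape of a Log Analytics workspace resource ID before handing it to
# the extension; a bad ID otherwise surfaces only as a failed provisioning state.
is_workspace_id() {
  printf '%s\n' "$1" | grep -Eq \
    '^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+/providers/Microsoft\.OperationalInsights/workspaces/[^/]+$'
}

# Render the sensor deployment command (same flags as the docs page) on one line,
# so it can be reviewed or logged before it is executed. Returns 1 on a bad ID.
sensor_create_cmd() {
  cluster="$1"; rg="$2"; workspace_id="$3"
  audit_log="${4:-/var/log/kube-apiserver/audit.log}"
  is_workspace_id "$workspace_id" || return 1
  printf 'az k8s-extension create --name microsoft.azuredefender.kubernetes --cluster-type connectedClusters --cluster-name %s --resource-group %s --extension-type microsoft.azuredefender.kubernetes --configuration-settings logAnalyticsWorkspaceResourceID=%s auditLogPath=%s\n' \
    "$cluster" "$rg" "$workspace_id" "$audit_log"
}

# Render the Azure Policy extension deployment command from the docs page.
policy_create_cmd() {
  printf 'az k8s-extension create --name azure-policy --cluster-type connectedClusters --cluster-name %s --resource-group %s --extension-type Microsoft.PolicyInsights\n' \
    "$1" "$2"
}

# Interpret the provisioningState reported by `az k8s-extension show`:
# 0 = Succeeded, 1 = terminal failure, 2 = still in progress (poll again).
extension_state_ok() {
  case "$1" in
    Succeeded)       return 0 ;;
    Failed|Canceled) return 1 ;;
    *)               return 2 ;;
  esac
}

# Live check (needs az and kubectl): confirm the extension provisioned and that
# sensor pods exist. A "Succeeded" extension with no running pods still means no
# runtime protection, so both are checked.
verify_sensor() {
  cluster="$1"; rg="$2"
  state=$(az k8s-extension show --name microsoft.azuredefender.kubernetes \
    --cluster-type connectedClusters --cluster-name "$cluster" \
    --resource-group "$rg" --query provisioningState -o tsv)
  extension_state_ok "$state" || { echo "sensor extension state: $state" >&2; return 1; }
  kubectl get pods -n mdc   # assumed namespace for the Defender sensor pods
}

# Usage: ./deploy-defender.sh <cluster-name> <resource-group> <workspace-resource-id>
if [ "$#" -eq 3 ]; then
  cmd=$(sensor_create_cmd "$1" "$2" "$3") || { echo "invalid workspace resource ID: $3" >&2; exit 1; }
  echo "+ $cmd"; sh -c "$cmd"
  pol=$(policy_create_cmd "$1" "$2")
  echo "+ $pol"; sh -c "$pol"
  verify_sensor "$1" "$2"
fi
```

Run it with the three arguments to deploy and verify; with no arguments it only defines the functions, which is convenient for sourcing the validation and state-check helpers into a larger onboarding script. Polling `extension_state_ok` until it stops returning 2 is left to the caller, since provisioning time varies by cluster.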