Securing Containers in a Multicloud Environment with Microsoft Defender for Containers

As organizations adopt container technologies and spread workloads across multiple cloud providers, keeping those environments visible and protected becomes a critical priority. Microsoft Defender for Containers, a plan within Microsoft Defender for Cloud, provides a cloud-native approach to securing Kubernetes clusters across Azure, AWS, Google Cloud, and clusters connected through Azure Arc. This page walks through enabling the plan for an AWS account and deploying the Defender sensor to Amazon EKS clusters.

Enabling Defender for Containers for Your AWS Accounts

To get started with protecting your AWS-hosted containers, you’ll need to enable the Defender for Containers plan within your Microsoft Defender for Cloud environment. Here’s how:

  1. Sign in to the Azure Portal: Access the Azure portal at https://portal.azure.com and navigate to the Microsoft Defender for Cloud service.

  2. Enable Defender for Containers: From the Defender for Cloud menu, select ‘Environment settings’ and choose the relevant AWS account connector. Toggle the ‘Containers’ plan to ‘On’ to enable the Defender for Containers capabilities.

  3. Configure Optional Settings: Optionally, adjust the plan’s settings, such as control plane audit log collection (the input for runtime threat detection; on EKS this depends on the cluster’s control plane audit logging being turned on), agentless discovery for Kubernetes, and agentless container vulnerability assessment. Leaving audit log collection off means runtime alerts for those clusters will not be generated.

  4. Review and Apply Changes: After configuring the desired settings, review the changes and select ‘Update’ to apply them.

Deploying the Defender Sensor in EKS Clusters

To ensure complete visibility and protection for your Amazon Elastic Kubernetes Service (EKS) clusters, you’ll need to deploy the Defender sensor and associated extensions. Defender for Cloud provides a helpful recommendation to guide you through this process:

  1. Navigate to the Defender for Cloud Recommendations: From the Defender for Cloud dashboard, locate the recommendation titled ‘EKS clusters should have Microsoft Defender’s extension for Azure Arc installed’.

  2. Select an Unhealthy Cluster: Choose an EKS cluster that still needs the Defender sensor. Select the cluster with its checkbox; clicking the hyperlinked cluster name opens the resource view instead of selecting it for remediation.

  3. Generate the Remediation Script: Defender for Cloud generates a script, in Bash or PowerShell, that connects the cluster to Azure Arc and installs the required extensions (Defender sensor and Azure Policy) on it.

  4. Download and Run the Script: Download the generated script and run it from a workstation whose kubectl context points at the selected EKS cluster with cluster-admin rights, and which has the Azure CLI signed in to the subscription that owns the AWS connector. The script runs against the cluster, not on it, so confirm the current context before executing it.
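The two places where this procedure goes wrong in practice are running the generated script against the wrong kubectl context and assuming the sensor is healthy because the script exited cleanly. The following Bash is an added example, not Microsoft’s remediation script: it checks that the current context really is the selected EKS cluster, shows the Azure CLI calls that, to my understanding, correspond to what the generated script does (labelled as an assumption), and verifies the sensor pods afterwards. It assumes the sensor runs in the `mdc` namespace as `microsoft-defender-*` pods; the pod listing it parses is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example (not Microsoft's remediation script): guard rails around the
# portal-generated script and a post-deployment health check for the Defender
# sensor on an EKS cluster connected to Azure Arc.
# Assumptions: the sensor lands in namespace "mdc" as microsoft-defender-* pods,
# and the az commands in deploy_with_cli mirror the script's actions.
set -u

# context_targets_cluster EXPECTED_NAME CURRENT_CONTEXT
# The remediation script acts on whatever cluster kubectl points at, so confirm
# the context is the cluster selected in the portal. EKS contexts are typically
# the cluster ARN: arn:aws:eks:REGION:ACCOUNT:cluster/NAME (or just NAME).
context_targets_cluster() {
  local expected="$1" ctx="$2"
  case "$ctx" in
    "arn:aws:eks:"*":cluster/$expected"|"$expected") return 0 ;;
    *) return 1 ;;
  esac
}

# check_sensor_pods reads `kubectl get pods -n mdc --no-headers` lines on stdin.
# Prints each pod that is not Running with all containers ready. Returns 0 only
# if every pod is healthy and at least one pod was seen (an empty namespace
# means the extension never deployed).
check_sensor_pods() {
  local bad=0 seen=0 name ready status rest
  while read -r name ready status rest; do
    [ -z "$name" ] && continue
    seen=1
    local have="${ready%/*}" want="${ready#*/}"
    if [ "$status" != "Running" ] || [ "$have" != "$want" ]; then
      printf 'UNHEALTHY %s ready=%s status=%s\n' "$name" "$ready" "$status"
      bad=1
    fi
  done
  [ "$seen" -eq 1 ] || { echo "no pods found in namespace mdc"; bad=1; }
  return "$bad"
}

# deploy_with_cli CLUSTER RESOURCE_GROUP LOCATION
# Assumed CLI equivalent of the generated script: connect the cluster to Arc,
# then install the Defender sensor and Azure Policy extensions. Needs az with the
# connectedk8s and k8s-extension extensions, Helm 3, and cluster-admin on the
# current kubectl context. Skipped when az is not installed.
deploy_with_cli() {
  local cluster="$1" rg="$2" location="$3"
  command -v az >/dev/null || { echo "az CLI not found; skipping deploy"; return 0; }
  az connectedk8s connect --name "$cluster" --resource-group "$rg" --location "$location"
  az k8s-extension create --name microsoft-defender --cluster-name "$cluster" \
    --resource-group "$rg" --cluster-type connectedClusters \
    --extension-type microsoft.azuredefender.kubernetes
  az k8s-extension create --name azurepolicy --cluster-name "$cluster" \
    --resource-group "$rg" --cluster-type connectedClusters \
    --extension-type microsoft.policyinsights
}

# Constructed sample of what `kubectl get pods -n mdc --no-headers` prints on a
# healthy cluster. Against a real cluster, pipe kubectl's output into
# check_sensor_pods instead.
SAMPLE_LISTING=$'microsoft-defender-collector-ds-7x9kq   2/2   Running   0   5m\nmicrosoft-defender-publisher-ds-p2m4z   1/1   Running   0   5m'

# Demo flow on constructed input (expected context for cluster "prod-eks").
if context_targets_cluster prod-eks "arn:aws:eks:us-east-1:123456789012:cluster/prod-eks"; then
  echo "context check passed"
fi
if check_sensor_pods <<< "$SAMPLE_LISTING"; then
  echo "Defender sensor healthy (constructed sample)"
fi
```

Run the context check before the portal’s script, and the pod check afterwards; a `CrashLoopBackOff` collector pod or an empty `mdc` namespace is the usual sign that the extension install failed even though the recommendation may not turn healthy for a while.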

With the plan enabled on the AWS connector and the sensor running in each EKS cluster, Defender for Containers covers both the control plane (audit log based runtime detection, posture and vulnerability findings) and the nodes (sensor based runtime protection) of your AWS-hosted workloads, alongside the clusters you run elsewhere.

For more advanced configuration options and a deeper understanding of Microsoft Defender for Containers, refer to the Enable Microsoft Defender for Containers and Overview of Microsoft Defender for Containers documentation.