Enable vulnerability assessment powered by Microsoft Defender Vulnerability Management
Vulnerability assessment powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in container images, with zero configuration for onboarding, and without deployment of any sensors.
How to enable vulnerability assessment powered by Microsoft Defender Vulnerability Management
Before starting, verify that the scope is onboarded to Defender CSPM, Defender for Containers or Defender for Container Registries.
In the Azure portal, navigate to the Defender for Cloud's Environment Settings page.
Select the scope that's onboarded to one of the above plans. Then select Settings.
Ensure the Agentless Container vulnerability assessments extension is toggled to On.
Select Continue.
Select Save.
A notification message pops up in the top right corner that verifies that the settings were saved successfully.
How to enable runtime coverage
- For Defender CSPM, use agentless discovery for Kubernetes. For more information, see Onboard agentless container posture in Defender CSPM.
- For Defender for Containers, use agentless discovery for Kubernetes or use the Defender sensor. For more information, see Enable the plan.
- For Defender for Container Registries, there's no runtime coverage.
Next steps
- Learn more about Trusted Access.
- Learn how to view and remediate vulnerability assessment findings for registry images and running images.
- Learn how to create an exemption for a resource or subscription.
- Learn more about Cloud Security Posture Management.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for