Determine Multicloud Dependencies
Implementation Effort: Medium – Requires onboarding of multicloud Kubernetes environments and configuration of supporting extensions and connectors.
User Impact: Low – Setup and configuration are handled by platform and security teams; end users are not directly affected.
Overview
Determining multicloud dependencies in Microsoft Defender for Containers is essential for securing Kubernetes workloads across Azure, AWS, and GCP. Defender for Containers provides runtime protection, vulnerability assessments, and compliance monitoring for containerized environments. To enable these capabilities in multicloud scenarios, organizations must understand and configure the necessary dependencies and integrations.
Key multicloud dependencies include:
- Azure Arc: Required to onboard Kubernetes clusters running outside Azure (e.g., AWS EKS, GCP GKE, on-premises).
- Defender for Containers plan: Must be enabled in Microsoft Defender for Cloud to activate container security features.
- Azure Policy for Kubernetes: Enforces governance and collects control plane data.
- Kubernetes audit log integration: Required for runtime threat detection.
- Defender sensor: Deployed as a DaemonSet to monitor node-level activity.
- Agentless scanning: Available for container images in registries.
- IAM permissions: Needed for onboarding AWS and GCP connectors to enable Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) features 1.
This capability supports the "Verify Explicitly" and "Assume Breach" principles of Zero Trust by ensuring that all container workloads across clouds are onboarded, monitored, and protected with consistent security policies and telemetry.