Enable Defender for Containers and DCSPM Plan

Implementation Effort: Medium – Requires enabling plans in Microsoft Defender for Cloud and deploying supporting components across cloud environments.

User Impact: Low – Configuration is handled by security and platform teams; end users are not directly affected.

Overview

Enabling the Defender for Containers and Defender Cloud Security Posture Management (DCSPM) plans in Microsoft Defender for Cloud provides comprehensive protection for containerized workloads and improves visibility into cloud security posture.

Defender for Containers

This plan enables runtime threat detection, vulnerability scanning, and compliance monitoring for Kubernetes clusters across Azure, AWS, GCP, and on-premises environments. To enable it:

1. Go to Microsoft Defender for Cloud in the Azure portal.
2. Navigate to Environment settings and select your subscription or connected cloud account.
3. On the Defender plans page, toggle Defender for Containers to On.
4. Deploy the Defender sensor to your Kubernetes clusters using the Azure portal, REST API, Azure CLI, or ARM templates 1 2.

Defender CSPM (DCSPM)

This plan enhances cloud security posture management by adding capabilities such as:

• Regulatory compliance tracking
• Cloud security explorer
• Attack path analysis
• Agentless scanning for machines

To enable it:

1. In the same Defender plans page, toggle Defender CSPM to On.
2. Click Save to apply the changes 3.

These plans work together to secure both the infrastructure and workloads, aligning with the "Assume Breach" and "Verify Explicitly" principles of Zero Trust by ensuring continuous monitoring, threat detection, and posture management across multicloud environments.

Reference

• Configure Microsoft Defender for Containers components
• Protect your Azure containers with Defender for Containers
• Enable the Defender CSPM plan