Enable K8s API Access

Implementation Effort: Medium – Requires enabling Defender for Containers and configuring Kubernetes policy and monitoring settings.

User Impact: Low – Configuration is handled by platform and security teams; end users are not directly affected.

Overview

Enabling Kubernetes API access in Microsoft Defender for Containers allows Defender to collect control plane telemetry and enforce governance policies across Kubernetes clusters. This is essential for detecting misconfigurations, unauthorized access, and policy violations in real time.

To enable Kubernetes API access:

1. Enable Defender for Containers:

   • Go to Microsoft Defender for Cloud > Environment settings.
   • Select your subscription and toggle Defender for Containers to On 1.

2. Enable Azure Policy for Kubernetes:

   • In the Settings & Monitoring section, toggle Azure Policy for Kubernetes to On 2.
   • This enables collection of Kubernetes audit logs and policy enforcement.

3. Deploy the Defender sensor:

   • Use the Azure portal, REST API, Azure CLI, or ARM templates to deploy the sensor to your clusters 1.

4. Ensure network connectivity:

   • The Defender sensor must be able to send data to the configured Log Analytics workspace.
   • If using Azure Monitor Private Link Scope (AMPLS), configure private endpoints and DNS zones accordingly 1.

This capability supports the "Verify Explicitly" principle of Zero Trust by enabling visibility into Kubernetes control plane activity and enforcing security policies across multicloud and hybrid environments.

Reference

• Configure Microsoft Defender for Containers components
• Kubernetes data plane hardening
• Protect your on-premises Kubernetes clusters with Defender for Containers