Prerequisites Check
Implementation Effort: Medium – Requires validation of environment readiness, network access, and supported configurations across cloud and hybrid Kubernetes environments.
User Impact: Low – Prerequisite checks are performed by platform and security teams; end users are not directly affected.
Overview
Before deploying Microsoft Defender for Containers, it is essential to perform a thorough prerequisites check to ensure that your Kubernetes environments are compatible and properly configured. This step ensures a smooth onboarding experience and full functionality of Defender features such as runtime protection, vulnerability scanning, and compliance monitoring.
Key prerequisites include:
- Supported Kubernetes environments: Defender for Containers supports Azure Kubernetes Service (AKS), AWS EKS, GCP GKE, and on-premises clusters via Azure Arc 1.
- Network connectivity: Ensure outbound access to Microsoft Defender for Cloud endpoints. If using Azure Monitor Private Link Scope (AMPLS), configure private endpoints and DNS zones accordingly 1.
- Log Analytics workspace: Required for telemetry collection. The Defender sensor must be able to send data to the configured workspace.
- Azure Policy and Defender extensions: Must be installed on clusters to enable governance and control plane monitoring.
- Containers support matrix: Validate that your Kubernetes version and OS are supported by reviewing the Containers support matrix.
This capability supports the "Verify Explicitly" principle of Zero Trust by ensuring that all container environments are validated and monitored from the start, reducing the risk of misconfigurations and blind spots.