Defender CSPM contextual security capabilities assists security teams in the reduction of the risk of impactful breaches. Defender CSPM uses environment context to perform a risk assessment of your security issues. Defender CSPM identifies the biggest security risk issues, while distinguishing them from less risky issues.

With attack path analysis and cloud security explorer Defender DCSPM customers can address the security issues that pose immediate threats with the greatest potential of being exploited and proactively identify security risks in their cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine.

Agentless containers coverage as part of DCSPM is now available in public preview. It only takes one click to benefit from adding containers’ context to the security graph:

• Agentless visibility – discover Kubernetes and container registry estate across SDLC and runtime, seamlessly with no footprint on the workloads.
• Container vulnerability assessment – out of the box container image scanning, including registry and runtime.
• Attach path analysis – prioritize and zoom into container vulnerabilities and posture risks that matter most.
• Graph based queries – uncover security insights in their cloud context, such as vulnerabilities, internet exposure, sensitive data and more.

How to benefit from agentless container security in Defender CSPM:

Customers who enabled Defender CSPM after April 17^th already enjoy agentless container capabilities - no need to take any further action.

Customers who enabled before Defender CSPM after April 17^th   - such customers need to manually enable the “Agentless discovery for Kubernetes” and “Container registries vulnerability assessments” extensions for their Defender CSPM environments.

This is a one-time manual effort as newly onboarded subscriptions, the relevant extensions will be default enabled.

To enable these, the following permissions on the subscription are required:

• Subscription Owner, or
• User Access Admin + Security Admin

1. In the Azure portal, navigate to the Defender for Cloud's Environment Settings page.
2. Select the subscription that's onboarded to the Defender CSPM plan, then select Settings.
3. Ensure the Agentless discovery for Kubernetes and Container registries vulnerability assessments extensions are toggled to On.

4. Click save.

Further Resources:

• Agentless Container Posture for Microsoft Defender for Cloud | Microsoft Learn
• How-to enable Agentless Container posture in Microsoft Defender CSPM | Microsoft Learn
• How-to view and remediate vulnerability assessment findings for registry images | Microsoft Learn
• Support and prerequisites for agentless container posture - Microsoft Defender for Cloud | Microsoft Learn
• Microsoft-Defender-for-Cloud/Module-18- Agentless-container-posture-through-Defender-DCSPM.md at main · Azure/Microsoft-Defender-for-Cloud (github.com)