Support for MS Defender for Containers

[ezYakaEagle442]

Is your feature request related to a problem? Please describe. Even is ASA ia fully managed service, customers needs to ensure of the underlying AKS Security , including :

• Environment hardening - to assess clusters to provide visibility into misconfigurations and guidelines to help mitigate identified threats.
• Vulnerability assessment - Vulnerability assessment and management tools for images stored in ACR registries and running in Azure Kubernetes Service.
• Run-time threat protection for nodes and clusters

Describe the solution you'd like Integration with https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction

Describe alternatives you've considered N/A

Additional context Customer IT Security requires such Protection

[ezYakaEagle442]

See

• https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/azure-spring-apps-security-baseline#ns-2-secure-cloud-services-with-network-controls
• https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/spring-cloud-security-baseline?toc=%2Fazure%2Fspring-apps%2Ftoc.json&bc=%2Fazure%2Fspring-apps%2Fbreadcrumb%2Ftoc.json

[allxiao]

@ezYakaEagle442 we would like to follow up with you to understand more about the user scenarios.

[taoxu0903]

want to learn more from you:

1. any customer direct asks about this?
2. for built images by ASA, ASA is responsible for their CVE scan and fix; timely apply underneath VM security issues via regular upgrade without customers to care. so are you asking for: by letting ASA integrate with MS defender, so customers can get security wise visibility of our managed AKS cluster and images?