AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

[Preview]: Configure Azure Arc enabled Kubernetes clusters to install Microsoft Defender for Cloud extension

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Configure Azure Arc enabled Kubernetes clusters to install Microsoft Defender for Cloud extension

708b60a6-d253-4fe0-9114-4be4c00f012c

Version

7.3.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 3
7.1.0-preview
7.2.0-preview
7.3.0-preview
Built-in Versioning [Preview]

Category

Kubernetes
Microsoft Learn

Description

Microsoft Defender for Cloud extension for Azure Arc provides threat protection for your Arc enabled Kubernetes clusters. The extension collects data from all nodes in the cluster and sends it to the Azure Defender for Kubernetes backend in the cloud for further analysis. Learn more in https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-enable?pivots=defender-for-container-arc.

Mode

Indexed

Type

BuiltIn

Preview

true

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Kubernetes Agent Operator	5e93ba01-8f92-4c7a-b12a-801e3df23824
Defender Kubernetes Agent Operator	8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Kubernetes/connectedClusters/distribution	Microsoft.Kubernetes	connectedClusters	properties.distribution	True		False

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.KubernetesConfiguration/extensions/extensionType	Microsoft.KubernetesConfiguration	extensions	properties.extensionType	True		False
Microsoft.KubernetesConfiguration/extensions/provisioningState	Microsoft.KubernetesConfiguration	extensions	properties.provisioningState	True		False

Rule resource types

IF (1)
Microsoft.Kubernetes/connectedClusters
THEN-Deployment (4)
Microsoft.KubernetesConfiguration/extensions
Microsoft.OperationalInsights/workspaces
Microsoft.Resources/deployments
Microsoft.Resources/resourceGroups

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-09-10 17:48:30	change	Minor, suffix remains equal (7.2.0-preview > 7.3.0-preview)
2024-08-20 18:21:51	change	Minor, suffix remains equal (7.1.0-preview > 7.2.0-preview)
2022-07-29 16:32:46	change	Minor, suffix remains equal (7.0.0-preview > 7.1.0-preview)
2022-07-08 16:32:07	change	Major, suffix remains equal (6.1.2-preview > 7.0.0-preview)
2022-07-01 16:32:34	change	Patch, new suffix: preview (6.1.1 > 6.1.2-preview)
2022-06-24 19:15:47	change	Patch, old suffix: preview (6.1.0-preview > 6.1.1)
2022-06-07 16:30:19	change	Minor, suffix remains equal (6.0.0-preview > 6.1.0-preview)
2022-04-29 18:06:01	change	Major, suffix remains equal (5.1.0-preview > 6.0.0-preview)
2022-04-22 19:50:54	change	Major, suffix remains equal (4.1.0-preview > 5.1.0-preview)
2022-04-01 20:29:14	change	Minor, suffix remains equal (4.0.0-preview > 4.1.0-preview)
2022-02-04 18:25:37	change	Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
2021-11-12 16:23:07	change	Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
2021-08-30 14:27:30	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-05-26 13:43:16	add	708b60a6-d253-4fe0-9114-4be4c00f012c

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC