Azure Security Center Can Now Monitor Azure Kubernetes Service Containers

Microsoft announced this week that the Azure Security Center management portal now works with the Azure Kubernetes Service (AKS) to ensure the security of Docker containers running on Linux systems or virtual machines.

Containers are an operating system virtualization approach, developed by Docker, that is advantageous for hosted applications because it removes the possibility of application and configuration conflicts. AKS is Microsoft's service for container orchestration on datacenter clusters, based on the Google-fostered Kubernetes datacenter solution. Azure Security Center is a software dashboard for monitoring the security of public cloud services, on-premises workloads and so-called "hybrid" or mixed scenarios.

Container security might not be top of mind for organizations, but Microsoft contends that "defending the attack surfaces of a containerized application requires expertise to ensuring the infrastructure is configured securely and constantly monitored for potential threats."

To that end, Azure Security Center offers runtime protection for containers, vulnerability management and environmental hardening, according to a Microsoft document on "Container Security in Security Center."

Containers get scanned for vulnerabilities using Qualys' scanning service whenever a new container image gets pushed. The images are run and scanned in an "isolated sandbox."

"When a new image is pushed, Security Center scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys," the "Container Security" document explained.

The Azure Security Center also checks the configuration of containers by comparing them against the "Center for Internet Security (CIS) Docker Benchmark." However, these benchmark checks "will not run on AKS-managed instances or Databricks-managed VMs," Microsoft explained in a footnote.

To use Azure Security Center for AKS-managed containers, organizations will need to have the "Standard Tier" Azure Security Center licensing, which adds vulnerability scanning.

Users of the integrated solution get both container hosting alerts and AKS alerts in Azure Security Center. More details are available on Microsoft's "Azure Kubernetes Services Integration with Security Center" document landing page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

