Muistiinpano
Tämän sivun käyttö edellyttää valtuutusta. Voit yrittää kirjautua sisään tai vaihtaa hakemistoa.
Tämän sivun käyttö edellyttää valtuutusta. Voit yrittää vaihtaa hakemistoa.
When automatic provisioning is enabled in the Defender for Containers plan, Microsoft Defender for Cloud deploys the Defender sensor to supported Kubernetes clusters.
To manage sensor deployment manually for specific clusters, add an exclusion tag to prevent automatic deployment.
You can use exclusion tags on the following cluster types:
- Azure Kubernetes Service (AKS)
- Amazon Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
Note
Exclusion tags aren't supported for Arc-enabled Kubernetes clusters in on-premises environments.
Prerequisites
- Defender for Containers is enabled with automatic provisioning turned on.
Exclude a cluster from automatic sensor deployment
To exclude a cluster from automatic Defender sensor deployment:
Important
Add the exclusion tag before automatic provisioning deploys the Defender sensor. If the Defender sensor is already deployed, adding the tag doesn't remove the existing deployment.
To exclude an AKS cluster from automatic Defender sensor deployment:
Sign in to the Azure portal.
Go to Kubernetes services.
Select the relevant AKS cluster.
Select Tags.
Add the following tag:
- Name:
ms_defender_container_exclude_sensors - Value:
true
- Name:
Select Apply.
Next steps
Learn how to install the Defender sensor using Helm.
Learn how to deploy Defender components using Azure CLI.