Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service

L1 Bithead

Looking for Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service


L1 Bithead

@SNimmagadda wrote:

HI @clakshmikanthan 

Here is the Doc To Configure Azure Container Registry -


Additional Docs to Configure Prisma Cloud on AKS Cluster


Please let us know if you need additional help.

Thank You Very much. Appreciate your support.
I have a question. I understand by integrating Prisma Cloud with Azure Container Registry, Vulnerability scanning of container images uploaded to ACR will automatically happen and the report will be generated. 
What about the prisma cloud defenders in AKS. Will it also scan any image deployed in AKS automatically? Once the Daemon set is installed in AKS what additional steps we have to do ? what benefit will it give?
2. Is there a best practice guidelines on using and configuring Prisma wrt AKS and Azure container registry. 

HI @clakshmikanthan  Thanks for reaching out.


After deploying a Defender to a Cluster, it can immediately protect and monitor your containers and host. No additional steps are required to rebuild your containers with an agent inside.


Here is The Defender Architecture to refer

Please refer to the below Doc on how the Defender works after it is installed.


Please let us know if this helps.



You have referred docs from compute edition. I understand compute edition is self-managed where you run prisma-cloud console as a docker container within your cluster. We are planning to use Prisma-cloud enterprise edition where we will be using prisma-cloud console provided by the enterprise edition and deploy defender in AKS to send details to prisma-cloud in SAAS. So my question is after I deploy defender in my AKS cluster as daemonset, it automatically communicates to SAAS prisma-cloud console right? I don't need any additional configuration either in AKS or in Prisma-cloud console right? Also our AKS is a private cluster. So how to make the daemonset communicate to prisma-cloud console. Is it via HTTP Proxy?

Hi @clakshmikanthan 


If you have Created below Prerequisites for Console-defender Communication.  deploying the defender in AKS Cluster  will communicate to Console.

Prisma® Cloud uses NAT gateway IP addresses. To ensure that you can access Prisma Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, or your agentless deployment or the Prisma Cloud Defenders to communicate with the Prisma Cloud Compute Console, review the list and update the IP addresses in your allow lists


In Prisma Cloud Enterprise Edition (SaaS platform for Compute), the Defender websocket connects to Console on port 443 (not configurable).

If egress connections through Proxy Require authentication. Here is the doc to configure  web proxy in HTTP Proxy


Please let me know if this helps.

  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!