Microsoft Defender for Cloud recommendations

On this page

This document covers Microsoft Defender for Cloud advisories that you may face when installing the CluedIn MDM PaaS variant of the product into your environemnt. It will explain what each advisory means and how to potentially resolve the issue.

If the advisory is not listed below, please do reach out to who will be able to advise further.


Container images should be deployed from trusted registries only

The default security policies that are set on Microsoft Defender for Cloud can be quite bare when it comes out of the box. As a result, this particular recommendation gets flagged frequently as a high risk.

The CluedIn installation installs an Azure Kubernetes Service (AKS) cluster which pulls images from with an authorization token. Because is external to your environment, it gets flagged by this recommendation when using default baseline advisories.


To resolve this issue, please amend the recommendation under remediation steps and add a regex string that can accomodate the CluedIn registry. An example is: ^cluedinprod\.azurecr\.io.*$.

This will affect all AKS clusters. If you have additional AKS clusters which are for internal services or other products, you may want to use a more loosely defined regex string that can accommodate both CluedIn and other third-party registries.