In this article, I will walk you through how to enable and scan your container images in Azure Container Registry (ACR) with Azure Security Center, and then simulate a scan for a vulnerable container image.
Introduction
Azure Security Center gives you complete visibility and control over the security of hybrid cloud workloads, including compute, network, storage, identity, and application workloads. Azure Security Center (ASC) has two main value propositions:
- Cloud Security Posture Management (CSPM) – Help you prevent misconfiguration to strengthen your security posture for all different types of cloud workloads and resources in Azure (IaaS, PaaS, and SaaS).
- Cloud Workload Protection Platform (CWPP) – Protect against threats for servers whether they are running in Azure, on-premises, or in other clouds such as Amazon AWS or Google GCP, in addition to cloud-native workloads such as Web Apps, Kubernetes, and Key Vaults, as well as SQL databases (PaaS/VM) and storage accounts.
Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It’s based on the open-source Docker Registry 2.0.
To learn more about Azure Container Registry, please check the official documentation here.
Azure Defender is an evolution of the threat-protection technologies in Azure Security Center, protecting Azure and hybrid environments. When you enable Azure Defender from the Pricing and settings area of Azure Security Center, the following Defender plans are all enabled simultaneously and provide comprehensive defenses for the compute, data, and service layers of your environment:
Vulnerability Assessment is one of the advanced protections included in Azure Security Center; it falls under the Cloud Workload Protection Platform (CWPP) and Azure Defender, and it is something you must consider for scanning your private container images in Azure Container Registry.
In November 2019, the Azure Security Center team announced the ability to scan container images in Azure Container Registry, and then share the vulnerability recommendation on