![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 96%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
In a recent case, we also had compliant resources being flagged. Defender for Cloud was evaluating against the Microsoft cloud security benchmark with a default regex parameter value of "^(.+){0}$", updating that assignment with our desired regex cleared the recommendations.
Security Recommendation Not Updating After Policy-Based Remediation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 0%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
PANDUGAYALA Sai K
0
Reputation points
We have remediated the Defender for Cloud recommendation:
"Container images should be deployed from trusted registries only" for the resource of AKS cluster
Remediation actions taken:
- A regex was configured in the security policy under the
Allowed registry or registries regexparameter to allow only our trusted private container registries. - All container images have been verified and updated to use only these trusted registries.
- We validated via the Kubernetes cluster and CI/CD pipelines that no images are being pulled from public or untrusted registries.
- Azure Policy compliance status reflects full alignment with the policy.
Issue:
Despite the above, Microsoft Defender for Cloud continues to flag this recommendation as active, and the listed pods are either:
- Already updated with images from trusted registries, or
- No longer exist in the cluster.
Microsoft Security | Microsoft Defender | Other
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Catherine Kyalo 2,195 Reputation points Microsoft Employee2025-05-23T06:53:13.3566667+00:00 Hi @PANDUGAYALA Sai K ,
How long has it been since the remediation? From documentation, this can take upto 24 hours. However, we have observed scenarios where these updates have reflected after 72hours.
-
PANDUGAYALA Sai K 0 Reputation points
2025-05-23T06:55:42.82+00:00 It's been more than 10 days last sprint we did
-
Catherine Kyalo 2,195 Reputation points Microsoft Employee
2025-05-23T07:05:49.8833333+00:00 Hi ,
I found a case similar to this - https://learn.microsoft.com/en-us/answers/questions/925457/container-images-should-be-deployed-from-trusted-r.
Some people found it helpful so please check whether the shared solution
"My problem was finally solved in all honesty by adding in the regex "|busybox" (from an init container) and waiting enough time for this modification to be taken into account."
If none of this works, raising a support ticket is the recommended route. To Raise a support Ticket:
- Go to the Azure Portal.
- Click on the Help + support option in the left-hand menu.
- Select New support request.
- Follow the prompts to create a support ticket explaining your issue.
Sign in to comment