Update Microsoft Defender for Cloud plan for Containers

[jtracey93]

Overview/Summary

As described in issue #874, Microsoft Defender for Cloud has released a new plan to all clouds (Public, Gov, China) for Containers that replaces the plans for Kubernetes & Container Registries.

This has now gone GA as per the announcement here: https://docs.microsoft.com/azure/defender-for-cloud/release-notes#microsoft-defender-for-containers-plan-released-for-general-availability-ga.

This PR fixes/adds/changes/removes

1. Updates Deploy-ASCDF-Config initiative to use the new plan and policy and removed the Kubernetes & Container Registry plan/policies from the initiative, as shown in the below table:

Policy Definition Display Name	Policy Definition ID	Note
[Deprecated]: Configure Azure Defender for container registries to be enabled	d3d1e68e-49d4-4b56-acff-93cef644b432	REMOVED - Old ACR policy
[Deprecated]: Configure Azure Defender for Kubernetes to be enabled	133047bf-1369-41e3-a3be-74a11ed1395a	REMOVED - Old AKS Policy
Configure Microsoft Defender for Containers to be enabled	c9ddb292-b203-4738-aead-18e2716e858f	ADDED - New grouped containers policy for the new plan

• Also added to China (Mooncake) and Gov (Fairfax) policies and deployment experiences, as shown as available here in all 3 clouds: https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks#availability

2. Update all references of "Azure Defender" in portal experiences to "Microsoft Defender for Cloud"

Breaking Changes

None. However, customers should review the guidance here around the plan changes and what it means for existing subscriptions and new subscriptions: https://docs.microsoft.com/azure/defender-for-cloud/release-notes#microsoft-defender-for-containers-plan-released-for-general-availability-ga

Testing Evidence

Public (Commercial)

URL to test yourself: https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.neting.cc%2Fjtracey93%2FEnterprise-Scale%2Ffix-874-mdfc-containers%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.neting.cc%2Fjtracey93%2FEnterprise-Scale%2Ffix-874-mdfc-containers%2FeslzArm%2Feslz-portal.json

China (Mooncake)

Tested here by @faister #876 (comment)

Gov (Fairfax)

Tested by @rspott (thanks 👍)

As part of this Pull Request I have

• Checked for duplicate Pull Requests
• Associated it with relevant issues, for tracking and closure.
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated relevant and associated documentation.
• Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md)

[jtracey93]

@faister Could you perform the testing here for China (Mooncake)? I have updated the guidance and all the code so should just need deploying and testing 👍 Can all be found in my fork/branch here: https://github.com/jtracey93/Enterprise-Scale/tree/fix-874-mdfc-containers

Let me know 👍

[amanjeetsingh]

LGTM!

[faister]

@faister Could you perform the testing here for China (Mooncake)? I have updated the guidance and all the code so should just need deploying and testing 👍 Can all be found in my fork/branch here: https://github.com/jtracey93/Enterprise-Scale/tree/fix-874-mdfc-containers

Let me know 👍

@jtracey93 Sounds good, will try to get some testing done before we speak mid-week. Trying to finish off the other task I told you about.

[jtracey93]

@faister

        Fai Lai
        FTE Could you perform the testing here for China (Mooncake)? I have updated the guidance and all the code so should just need deploying and testing 👍 Can all be found in my fork/branch here: https://github.com/jtracey93/Enterprise-Scale/tree/fix-874-mdfc-containers

Let me know 👍

@jtracey93 Jack Tracey FTE Sounds good, will try to get some testing done before we speak mid-week. Trying to finish off the other task I told you about.

Thanks @faister, this should also fit into that other piece of work nicely 👍 If you can test before mid-week (just need the definitions and assignments tested really, confirming the new built-in definition c9ddb292-b203-4738-aead-18e2716e858f does indeed exist in China (Mooncake) before we merge this PR 👍

[faister]

@faister

        Fai Lai
        FTE

        Fai Lai
        FTE Could you perform the testing here for China (Mooncake)? I have updated the guidance and all the code so should just need deploying and testing 👍 Can all be found in my fork/branch here: https://github.com/jtracey93/Enterprise-Scale/tree/fix-874-mdfc-containers

Let me know 👍

@jtracey93

        Jack Tracey
        FTE Jack Tracey FTE Sounds good, will try to get some testing done before we speak mid-week. Trying to finish off the other task I told you about.

Thanks @faister Fai Lai FTE, this should also fit into that other piece of work nicely 👍 If you can test before mid-week (just need the definitions and assignments tested really, confirming the new built-in definition c9ddb292-b203-4738-aead-18e2716e858f does indeed exist in China (Mooncake) before we merge this PR 👍

@jtracey93 All good! The new built-in definition c9ddb292-b203-4738-aead-18e2716e858f exists in Mooncake.
Testing evidence:
Built-in definition for MSD for Containers

Policy template deployment succeeded

Policy set definition

Policy assignment

[jtracey93]

@Azure/enterprisescale-vteam @Azure/customer-architecture-team - This is now ready for review/approval as testing in all 3 clouds has been completed and attached as evidence above 👍👍

[matt-FFFFFF]

LGTM - good work @jtracey93

[matt-FFFFFF]