Recommended Next Steps (Optional)
================================================================================
Now that your installation is complete, here are a few steps you can follow to
enhance the protection of your Azure cloud resources.

Set Allowed Container Images
--------------------------------------------------------------------------------
The inoQulate solution uses Container Images from the ``pqceepub.azurecr.io``
repository, and you are recommended to create an Azure Policy to audit that the
inoQulate AKS cluster is only using images from ``pqceepub.azurecr.io``.

Microsoft Defender for Cloud may recommend your Azure resources to only deploy
images from allowed registries, hence you are recommended to configure this in
your Microsoft Defender for Cloud settings.


Restrict Kubernetes API Access
--------------------------------------------------------------------------------
It is a good practice to restrict the Kubernetes API access to only the
administrator.

#. In the Azure `portal <https://portal.azure.com/>`_, enter ``Kubernetes Services`` in the search box. Select **Kubernetes Services**.
#. Click ``inoQulate``.
#. In the left side bar, under the Section **Settings**, click **Networking**.
#. Click **Manage**.
#. Tick **Set authorized IP ranges** and fill in the Administrator's IP Address.
#. Click **Save**.