|
2 | 2 | title: Important upcoming changes |
3 | 3 | description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan |
4 | 4 | ms.topic: overview |
5 | | -ms.date: 08/08/2023 |
| 5 | +ms.date: 08/14/2023 |
6 | 6 | --- |
7 | 7 |
|
8 | 8 | # Important upcoming changes to Microsoft Defender for Cloud |
@@ -30,9 +30,27 @@ If you're looking for the latest release notes, you can find them in the [What's |
30 | 30 | | [Update naming format of Azure Center for Internet Security standards in regulatory compliance](#update-naming-format-of-azure-center-for-internet-security-standards-in-regulatory-compliance) | August 2023 | |
31 | 31 | | [Preview alerts for DNS servers to be deprecated](#preview-alerts-for-dns-servers-to-be-deprecated) | August 2023 | |
32 | 32 | | [Deprecate and replace recommendations App Service Client Certificates](#deprecate-and-replace-recommendations-app-service-client-certificates) | August 2023 | |
| 33 | +| [Classic connectors for multicloud will be retired](#classic-connectors-for-multicloud-will-be-retired) | September 2023 | |
33 | 34 | | [Change to the Log Analytics daily cap](#change-to-the-log-analytics-daily-cap) | September 2023 | |
34 | 35 | | [Defender for Cloud plan and strategy for the Log Analytics agent deprecation](#defender-for-cloud-plan-and-strategy-for-the-log-analytics-agent-deprecation) | August 2024 | |
35 | 36 |
|
| 37 | +### Classic connectors for multicloud will be retired |
| 38 | + |
| 39 | +**Estimated date for change: September 15, 2023** |
| 40 | + |
| 41 | +The classic multicloud connectors will be retiring on September 15, 2023 and no data will be streamed to them after this date. These classic connectors were used to connect AWS Security Hub and GCP Security Command Center recommendations to Defender for Cloud and onboard AWS EC2s to Defender for Servers. |
| 42 | + |
| 43 | +The full value of these connectors has been replaced with the native multicloud security connectors experience, which has been Generally Available for AWS and GCP since March 2022 at no additional cost. |
| 44 | + |
| 45 | +The new native connectors are included in your plan and offer an automated onboarding experience with options to onboard single accounts, multiple accounts (with Terraform), and organizational onboarding with auto provisioning for the following Defender plans: free foundational CSPM capabilities, Defender Cloud Security Posture Management (CSPM), Defender for Servers, Defender for SQL, and Defender for Containers. |
| 46 | + |
| 47 | +If you're currently using the classic multicloud connectors, we strongly recommend that you begin your migration to the native security connectors before September 15, 2023. |
| 48 | + |
| 49 | +How to migrate to the native security connectors: |
| 50 | + |
| 51 | +- [Connect your AWS account to Defender for Cloud](quickstart-onboard-aws.md) |
| 52 | +- [Connect your GCP project to Defender for Cloud](quickstart-onboard-gcp.md) |
| 53 | + |
36 | 54 | ### Defender for Cloud plan and strategy for the Log Analytics agent deprecation |
37 | 55 |
|
38 | 56 | **Estimated date for change: August 2024** |
@@ -87,7 +105,6 @@ The following section describes the planned introduction of a new and improved S |
87 | 105 | | SQL-targeted AMA autoprovisioning GA release | December 2023 | GA release of a SQL-targeted AMA autoprovisioning process. Following the release, it will be defined as the default option for all new customers. | |
88 | 106 | | MMA deprecation | August 2024 | The current MMA autoprovisioning process and its related policy initiative will be deprecated. It can still be used customers, but they won't be eligible for support. | |
89 | 107 |
|
90 | | - |
91 | 108 | ### Replacing the "Key Vaults should have purge protection enabled" recommendation with combined recommendation "Key Vaults should have deletion protection enabled" |
92 | 109 |
|
93 | 110 | **Estimated date for change: June 2023** |
@@ -236,6 +253,7 @@ The following table lists the alerts to be deprecated: |
236 | 253 | App Service policies are set to be deprecated and replaced so that they only monitor apps using HTTP 1.1 since HTTP 2.0 on App Service doesn't support client certificates. The existing policies that enforce client certificates require an additional check to determine if Http 2.0 is being used by the app. Adding this additional check requires a change to the policy "effect" from Audit to AuditIfNotExists. Policy "effect" changes require deprecation of the old version of the policy and the creation of a replacement. |
237 | 254 |
|
238 | 255 | Policies in this scope: |
| 256 | + |
239 | 257 | - App Service apps should have Client Certificates (Incoming client certificates) enabled |
240 | 258 | - App Service app slots should have Client Certificates (Incoming client certificates) enabled |
241 | 259 | - Function apps should have Client Certificates (Incoming client certificates) enabled |
|
0 commit comments