You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/release-notes.md
+14-4Lines changed: 14 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,13 +24,23 @@ If you're looking for items older than six months, you can find them in the [Arc
24
24
25
25
|Date | Update |
26
26
|--|--|
27
+
| May 30 |[General availability of agentless malware detection in Defender for Servers Plan 2](#general-availability-of-agentless-malware-detection-in-defender-for-servers-plan-2)|
27
28
| May 30 |[General Availability of Unified Disk Encryption recommendations](#general-availability-of-unified-disk-encryption-recommendations)|
28
29
| May 28 |[Remediate security baseline recommendation](#remediate-security-baseline-recommendation)|
29
30
| May 22 |[Configure email notifications for attack paths](#configure-email-notifications-for-attack-paths)|
30
31
| May 9 |[Checkov integration for IaC scanning in Defender for Cloud (Preview)](#checkov-integration-for-iac-scanning-in-defender-for-cloud-preview)|
31
32
| May 2 |[Updated security policy management is now generally available](#updated-security-policy-management-is-now-generally-available)|
32
33
| May 1 |[Defender for open-source databases is now available on AWS for Amazon instances (Preview)](#defender-for-open-source-databases-is-now-available-on-aws-for-amazon-instances-preview)|
33
34
35
+
### General availability of agentless malware detection in Defender for Servers Plan 2
36
+
37
+
May 30, 2024
38
+
39
+
We're announcing the release of Defender for Cloud's agentless malware detection for Azure virtual machines (VMs), AWS EC2 instances, and GCP VM instances, as a new feature included in [Defender for Servers Plan 2](plan-defender-for-servers-select-plan.md#plan-features).
40
+
41
+
Agentless malware detection for VMs is now included in our agentless scanning platform. Agentless malware detection utilizes [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows) anti-malware engine to scan and detect malicious files. Any detected threats, trigger security alerts directly into Defender for Cloud and Defender XDR, where they can be investigated and remediated. The Agentless malware scanner complements the agent-based coverage with a second layer of threat detection with frictionless onboarding and has no effect on your machine's performance.
42
+
43
+
Learn more about [agentless malware scanning](agentless-malware-scanning.md) for servers and [agentless scanning for VMs](concept-agentless-data-collection.md).
34
44
35
45
### General Availability of Unified Disk Encryption recommendations
36
46
@@ -43,9 +53,9 @@ The following Unified Disk Encryption recommendations are now generally availabl
43
53
|[Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/GenericRecommendationDetailsBlade/assessmentKey/a40cc620-e72c-fdf4-c554-c6ca2cd705c0)| a40cc620-e72c-fdf4-c554-c6ca2cd705c0 |
44
54
|[Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/GenericRecommendationDetailsBlade/assessmentKey/0cb5f317-a94b-6b80-7212-13a9cc8826af)| 0cb5f317-a94b-6b80-7212-13a9cc8826af |
45
55
46
-
Azure Disk Encryption (ADE) and EncryptionAtHost provide encryption at rest coverage, as described in [Overview of managed disk encryption options - Azure Virtual Machines](/azure/virtual-machines/disk-encryption-overview), and we recommend enabling either of these on virtual machines.
56
+
Azure Disk Encryption (ADE) and EncryptionAtHost provide encryption at rest coverage, as described in [Overview of managed disk encryption options - Azure Virtual Machines](/azure/virtual-machines/disk-encryption-overview), and we recommend enabling either of these on virtual machines.
47
57
48
-
The recommendations depend on [Guest configuration](/azure/governance/machine-configuration/overview). The recommendations in this document are dependent on the configuration of the guest operating system. To ensure that the recommendations can be properly assessed for compliance, it is necessary to enable the required prerequisites on all virtual machines.
58
+
The recommendations depend on [Guest configuration](/azure/governance/machine-configuration/overview). The recommendations in this document are dependent on the configuration of the guest operating system. To ensure that the recommendations can be properly assessed for compliance, it is necessary to enable the required prerequisites on all virtual machines.
49
59
50
60
These recommendations replace the recommendation [Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/d57a4221-a804-52ca-3dea-768284f06bb7).
51
61
@@ -59,7 +69,7 @@ Microsoft Defender for Cloud enhances the Center for Internet Security (CIS) ben
59
69
60
70
May 22, 2024
61
71
62
-
You can now configure email notifications for attack paths in Defender for Cloud. This feature allows you to receive email notifications when an attack path is detected with a specified risk level or higher.
72
+
You can now configure email notifications for attack paths in Defender for Cloud. This feature allows you to receive email notifications when an attack path is detected with a specified risk level or higher.
63
73
Learn how to [configure email notifications](configure-email-notifications.md).
64
74
65
75
### Advanced hunting in Microsoft Defender XDR now includes Defender for Cloud alerts and incidents
@@ -78,7 +88,7 @@ We are announcing the public preview of the Checkov integration for DevOps secur
78
88
79
89
While in preview, Checkov must be explicitly invoked through the 'tools' input parameter for the MSDO CLI.
80
90
81
-
Learn more about [DevOps security in Defender for Cloud](defender-for-devops-introduction.md) and configuring the MSDO CLI for [Azure DevOps](azure-devops-extension.yml) and [GitHub](github-action.md).
91
+
Learn more about [DevOps security in Defender for Cloud](defender-for-devops-introduction.md) and configuring the MSDO CLI for [Azure DevOps](azure-devops-extension.yml) and [GitHub](github-action.md).
82
92
83
93
### General availability of permissions management in Defender for Cloud
0 commit comments