You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/upcoming-changes.md
+26-26Lines changed: 26 additions & 26 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Important changes coming to Microsoft Defender for Cloud
3
3
description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan
4
4
ms.topic: overview
5
-
ms.date: 07/10/2022
5
+
ms.date: 07/28/2022
6
6
---
7
7
8
8
# Important upcoming changes to Microsoft Defender for Cloud
@@ -21,9 +21,9 @@ If you're looking for the latest release notes, you'll find them in the [What's
21
21
|[Changes to recommendations for managing endpoint protection solutions](#changes-to-recommendations-for-managing-endpoint-protection-solutions)| June 2022 |
22
22
|[Key Vault recommendations changed to "audit"](#key-vault-recommendations-changed-to-audit)| June 2022 |
23
23
|[Deprecating three VM alerts](#deprecating-three-vm-alerts)| June 2022|
24
-
|[Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations)| July 2022 |
25
24
|[Deprecate API App policies for App Service](#deprecate-api-app-policies-for-app-service)| July 2022 |
26
25
|[Change in pricing of Runtime protection for Arc-enabled Kubernetes clusters](#change-in-pricing-of-runtime-protection-for-arc-enabled-kubernetes-clusters)| August 2022 |
26
+
|[Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations)| September 2022 |
27
27
28
28
### Changes to recommendations for managing endpoint protection solutions
29
29
@@ -72,6 +72,30 @@ The following table lists the alerts that will be deprecated during June 2022.
72
72
73
73
These alerts are used to notify a user about suspicious activity connected to a Kubernetes cluster. The alerts will be replaced with matching alerts that are part of the Microsoft Defender for Cloud Container alerts (`K8S.NODE_ImageBuildOnNode`, `K8S.NODE_ KubernetesAPI` and `K8S.NODE_ ContainerSSH`) which will provide improved fidelity and comprehensive context to investigate and act on the alerts. Learn more about alerts for [Kubernetes Clusters](alerts-reference.md).
74
74
75
+
### Deprecate API App policies for App Service
76
+
77
+
**Estimated date for change:** July 2022
78
+
79
+
We will be deprecating the following policies to corresponding policies that already exist to include API apps:
80
+
81
+
| To be deprecated | Changing to |
82
+
|--|--|
83
+
|`Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'`|`App Service apps should have 'Client Certificates (Incoming client certificates)' enabled`|
84
+
|`Ensure that 'Python version' is the latest, if used as a part of the API app`|`App Service apps that use Python should use the latest 'Python version`|
85
+
|`CORS should not allow every resource to access your API App`|`App Service apps should not have CORS configured to allow every resource to access your apps`|
86
+
|`Managed identity should be used in your API App`|`App Service apps should use managed identity`|
87
+
|`Remote debugging should be turned off for API Apps`|`App Service apps should have remote debugging turned off`|
88
+
|`Ensure that 'PHP version' is the latest, if used as a part of the API app`|`App Service apps that use PHP should use the latest 'PHP version'`|
89
+
|`FTPS only should be required in your API App`|`App Service apps should require FTPS only`|
90
+
|`Ensure that 'Java version' is the latest, if used as a part of the API app`|`App Service apps that use Java should use the latest 'Java version`|
91
+
|`Latest TLS version should be used in your API App`|`App Service apps should use the latest TLS version`|
92
+
93
+
### Change in pricing of runtime protection for Arc-enabled Kubernetes clusters
94
+
95
+
**Estimated date for change:** August 2022
96
+
97
+
Runtime protection is currently a preview feature for Arc-enabled Kubernetes clusters. In August, Arc-enabled Kubernetes clusters will be charged for runtime protection. You can view pricing details on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/). Subscriptions with Kubernetes clusters already onboarded to Arc, will begin to incur charges in August.
98
+
75
99
### Multiple changes to identity recommendations
76
100
77
101
**Estimated date for change:** July 2022
@@ -106,30 +130,6 @@ The new release will bring the following capabilities:
106
130
|Blocked accounts with owner permissions on Azure resources should be removed|050ac097-3dda-4d24-ab6d-82568e7a50cf|
107
131
|Blocked accounts with read and write permissions on Azure resources should be removed| 1ff0b4c9-ed56-4de6-be9c-d7ab39645926 |
108
132
109
-
### Deprecate API App policies for App Service
110
-
111
-
**Estimated date for change:** July 2022
112
-
113
-
We will be deprecating the following policies to corresponding policies that already exist to include API apps:
114
-
115
-
| To be deprecated | Changing to |
116
-
|--|--|
117
-
|`Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'`|`App Service apps should have 'Client Certificates (Incoming client certificates)' enabled`|
118
-
|`Ensure that 'Python version' is the latest, if used as a part of the API app`|`App Service apps that use Python should use the latest 'Python version`|
119
-
|`CORS should not allow every resource to access your API App`|`App Service apps should not have CORS configured to allow every resource to access your apps`|
120
-
|`Managed identity should be used in your API App`|`App Service apps should use managed identity`|
121
-
|`Remote debugging should be turned off for API Apps`|`App Service apps should have remote debugging turned off`|
122
-
|`Ensure that 'PHP version' is the latest, if used as a part of the API app`|`App Service apps that use PHP should use the latest 'PHP version'`|
123
-
|`FTPS only should be required in your API App`|`App Service apps should require FTPS only`|
124
-
|`Ensure that 'Java version' is the latest, if used as a part of the API app`|`App Service apps that use Java should use the latest 'Java version`|
125
-
|`Latest TLS version should be used in your API App`|`App Service apps should use the latest TLS version`|
126
-
127
-
### Change in pricing of runtime protection for Arc-enabled Kubernetes clusters
128
-
129
-
**Estimated date for change:** August 2022
130
-
131
-
Runtime protection is currently a preview feature for Arc-enabled Kubernetes clusters. In August, Arc-enabled Kubernetes clusters will be charged for runtime protection. You can view pricing details on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/). Subscriptions with Kubernetes clusters already onboarded to Arc, will begin to incur charges in August.
132
-
133
133
## Next steps
134
134
135
135
For all recent changes to Defender for Cloud, see [What's new in Microsoft Defender for Cloud?](release-notes.md)
0 commit comments