You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/upcoming-changes.md
+10-1Lines changed: 10 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,7 @@ If you're looking for the latest release notes, you can find them in the [What's
25
25
26
26
| Planned change | Announcement date | Estimated date for change |
27
27
|--|--|--|
28
+
|[Update to agentless VM scanning built-in Azure role](#update-to-agentless-vm-scanning-built-in-azure-role)|January 14, 2024 | February 2024 |
28
29
|[Deprecation of two recommendations related to PCI](#deprecation-of-two-recommendations-related-to-pci)|January 14, 2024 | February 2024 |
29
30
|[Four new recommendations for Azure Stack HCI resource type](#four-new-recommendations-for-azure-stack-hci-resource-type)| January 11, 2024 | February 2024 |
30
31
|[Defender for Servers built-in vulnerability assessment (Qualys) retirement path](#defender-for-servers-built-in-vulnerability-assessment-qualys-retirement-path)| January 9, 2024 | May 2024 |
@@ -42,6 +43,14 @@ If you're looking for the latest release notes, you can find them in the [What's
42
43
|[Deprecating two security incidents](#deprecating-two-security-incidents)|| November 2023 |
43
44
|[Defender for Cloud plan and strategy for the Log Analytics agent deprecation](#defender-for-cloud-plan-and-strategy-for-the-log-analytics-agent-deprecation)|| August 2024 |
44
45
46
+
## Update to agentless VM scanning built-in Azure role
47
+
48
+
**Announcement date: January 14, 2024**
49
+
50
+
**Estimated date of change: February 2024**
51
+
52
+
In Azure, agentless scanning for VMs uses a built-in role (called [VM scanner operator](/azure/defender-for-cloud/faq-permissions)) with the minimum necessary permissions required to scan and assess your VMs for security issues. To continuously provide relevant scan health and configuration recommendations for VMs with encrypted volumes, an update to this role's permissions is planned. The update includes the addition of the ```Microsoft.Compute/DiskEncryptionSets/read``` permission. This permission solely enables improved identification of encrypted disk usage in VMs. It does not provide Defender for Cloud any additional capabilities to decrypt or access the content of these encrypted volumes beyond the encryption methods [already supported](/azure/defender-for-cloud/concept-agentless-data-collection#availability) prior to this change. This change is expected to take place during February 2024 and no action is required on your end.
53
+
45
54
## Deprecation of two recommendations related to PCI
46
55
47
56
**Announcement date: January 14, 2024**
@@ -75,7 +84,7 @@ Azure Stack HCI is set to be a new resource type that can be managed through Mic
75
84
**Estimated date for change: May 2024**
76
85
77
86
The Defender for Servers built-in vulnerability assessment solution powered by Qualys is on a retirement path which is estimated to complete on **May 1st, 2024**. If you're currently using the vulnerability assessment solution powered by Qualys, you should plan your [transition to the integrated Microsoft Defender vulnerability management solution](how-to-transition-to-built-in.md).
78
-
87
+
79
88
For more information about our decision to unify our vulnerability assessment offering with Microsoft Defender Vulnerability Management, you can read [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
80
89
81
90
You can also check out the [common questions about the transition to Microsoft Defender Vulnerability Management solution](faq-scanner-detection.yml).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments