You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/release-notes.md
+37-32Lines changed: 37 additions & 32 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Release notes for Microsoft Defender for Cloud
3
3
description: A description of what's new and changed in Microsoft Defender for Cloud
4
4
ms.topic: reference
5
-
ms.date: 08/21/2022
5
+
ms.date: 09/04/2022
6
6
---
7
7
8
8
# What's new in Microsoft Defender for Cloud?
@@ -16,6 +16,42 @@ To learn about *planned* changes that are coming soon to Defender for Cloud, see
16
16
> [!TIP]
17
17
> If you're looking for items older than six months, you'll find them in the [Archive for What's new in Microsoft Defender for Cloud](release-notes-archive.md).
18
18
19
+
## September 2022
20
+
21
+
Updates in September include:
22
+
23
+
-[Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations)
24
+
25
+
### Multiple changes to identity recommendations
26
+
27
+
There have been changes to Defender for Cloud's multiple recommendations for improving the management of users and accounts.
28
+
29
+
#### New recommendations
30
+
31
+
The new release contains the following capabilities:
32
+
33
+
-**Extended evaluation scope** – Coverage has been improved for identity accounts without MFA and external accounts on Azure resources (instead of subscriptions only) which allows your security administrators to view role assignments per account.
34
+
35
+
-**Improved freshness interval** - The identity recommendations now have a freshness interval of 12 hours.
36
+
37
+
-**Account exemption capability** - Defender for Cloud has many features you can use to customize your experience and ensure that your secure score reflects your organization's security priorities. For example, you can [exempt resources and recommendations from your secure score](exempt-resource.md).
38
+
39
+
This update allows you to exempt specific accounts from evaluation with the six recommendations listed in the following table.
40
+
41
+
Typically, you'd exempt emergency “break glass” accounts from MFA recommendations, because such accounts are often deliberately excluded from an organization's MFA requirements. Alternatively, you might have external accounts that you'd like to permit access to but which don't have MFA enabled.
42
+
43
+
> [!TIP]
44
+
> When you exempt an account, it won't be shown as unhealthy and also won't cause a subscription to appear unhealthy.
45
+
46
+
|Recommendation| Assessment key|
47
+
|-|-|
48
+
|MFA should be enabled on accounts with owner permissions on your subscription|94290b00-4d0c-d7b4-7cea-064a9554e681|
49
+
|MFA should be enabled on accounts with read permissions on your subscription|151e82c5-5341-a74b-1eb0-bc38d2c84bb5|
50
+
|MFA should be enabled on accounts with write permissions on your subscription|57e98606-6b1e-6193-0e3d-fe621387c16b|
51
+
|External accounts with owner permissions should be removed from your subscription|c3b6ae71-f1f0-31b4-e6c1-d5951285d03d|
52
+
|External accounts with read permissions should be removed from your subscription|a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b|
53
+
|External accounts with write permissions should be removed from your subscription|04e7147b-0deb-9796-2e5c-0336343ceb3d|
54
+
19
55
## August 2022
20
56
21
57
Updates in August include:
@@ -69,7 +105,6 @@ Updates in July include:
69
105
-[Integration with Entra Permissions Management](#integration-with-entra-permissions-management)
70
106
-[Key Vault recommendations changed to "audit"](#key-vault-recommendations-changed-to-audit)
71
107
-[Deprecate API App policies for App Service](#deprecate-api-app-policies-for-app-service)
72
-
-[Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations)
73
108
74
109
### General availability (GA) of the cloud-native security agent for Kubernetes runtime protection
75
110
@@ -142,36 +177,6 @@ We deprecated the following policies to corresponding policies that already exis
142
177
|`Ensure that 'Java version' is the latest, if used as a part of the API app`|`App Service apps that use Java should use the latest 'Java version`|
143
178
|`Latest TLS version should be used in your API App`|`App Service apps should use the latest TLS version`|
144
179
145
-
### Multiple changes to identity recommendations
146
-
147
-
There have been changes to Defender for Cloud's multiple recommendations for improving the management of users and accounts.
148
-
149
-
#### New recommendations
150
-
151
-
The new release contains the following capabilities:
152
-
153
-
-**Extended evaluation scope** – Coverage has been improved for identity accounts without MFA and external accounts on Azure resources (instead of subscriptions only) which allows your security administrators to view role assignments per account.
154
-
155
-
-**Improved freshness interval** - The identity recommendations now have a freshness interval of 12 hours.
156
-
157
-
-**Account exemption capability** - Defender for Cloud has many features you can use to customize your experience and ensure that your secure score reflects your organization's security priorities. For example, you can [exempt resources and recommendations from your secure score](exempt-resource.md).
158
-
159
-
This update allows you to exempt specific accounts from evaluation with the six recommendations listed in the following table.
160
-
161
-
Typically, you'd exempt emergency “break glass” accounts from MFA recommendations, because such accounts are often deliberately excluded from an organization's MFA requirements. Alternatively, you might have external accounts that you'd like to permit access to but which don't have MFA enabled.
162
-
163
-
> [!TIP]
164
-
> When you exempt an account, it won't be shown as unhealthy and also won't cause a subscription to appear unhealthy.
165
-
166
-
|Recommendation| Assessment key|
167
-
|-|-|
168
-
|MFA should be enabled on accounts with owner permissions on your subscription|94290b00-4d0c-d7b4-7cea-064a9554e681|
169
-
|MFA should be enabled on accounts with read permissions on your subscription|151e82c5-5341-a74b-1eb0-bc38d2c84bb5|
170
-
|MFA should be enabled on accounts with write permissions on your subscription|57e98606-6b1e-6193-0e3d-fe621387c16b|
171
-
|External accounts with owner permissions should be removed from your subscription|c3b6ae71-f1f0-31b4-e6c1-d5951285d03d|
172
-
|External accounts with read permissions should be removed from your subscription|a8c6a4ad-d51e-88fe-2979-d3ee3c864f8b|
173
-
|External accounts with write permissions should be removed from your subscription|04e7147b-0deb-9796-2e5c-0336343ceb3d|
0 commit comments