You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/upcoming-changes.md
+2-36Lines changed: 2 additions & 36 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Important changes coming to Microsoft Defender for Cloud
3
3
description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan
4
4
ms.topic: overview
5
-
ms.date: 09/20/2022
5
+
ms.date: 10/20/2022
6
6
---
7
7
8
8
# Important upcoming changes to Microsoft Defender for Cloud
@@ -18,41 +18,7 @@ If you're looking for the latest release notes, you'll find them in the [What's
18
18
19
19
| Planned change | Estimated date for change |
20
20
|--|--|
21
-
|[Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations)| October 2022 |
22
-
23
-
### Multiple changes to identity recommendations
24
-
25
-
**Estimated date for change:** October 2022
26
-
27
-
Defender for Cloud includes multiple recommendations for improving the management of users and accounts. In October, we'll be making the changes outlined below.
28
-
29
-
#### New recommendations in preview
30
-
31
-
The new release will bring the following capabilities:
32
-
33
-
-**Extended evaluation scope** – Improved coverage to identity accounts without MFA and external accounts on Azure resources (instead of subscriptions only) allowing security admins to view role assignments per account.
34
-
35
-
-**Improved freshness interval** - Currently, the identity recommendations have a freshness interval of 24 hours. This update will reduce that interval to 12 hours.
36
-
37
-
-**Account exemption capability** - Defender for Cloud has many features you can use to customize your experience and ensure that your secure score reflects your organization's security priorities. For example, you can [exempt resources and recommendations from your secure score](exempt-resource.md).
38
-
39
-
This update will allow you to exempt specific accounts from evaluation with the six recommendations listed in the following table.
40
-
41
-
Typically, you'd exempt emergency “break glass” accounts from MFA recommendations, because such accounts are often deliberately excluded from an organization's MFA requirements. Alternatively, you might have external accounts that you'd like to permit access to but which don't have MFA enabled.
42
-
43
-
> [!TIP]
44
-
> When you exempt an account, it won't be shown as unhealthy and also won't cause a subscription to appear unhealthy.
45
-
46
-
|Recommendation| Assessment key|
47
-
|--|--|
48
-
|Accounts with owner permissions on Azure resources should be MFA enabled|6240402e-f77c-46fa-9060-a7ce53997754|
49
-
|Accounts with write permissions on Azure resources should be MFA enabled|c0cb17b2-0607-48a7-b0e0-903ed22de39b|
50
-
|Accounts with read permissions on Azure resources should be MFA enabled|dabc9bc4-b8a8-45bd-9a5a-43000df8aa1c|
51
-
|Guest accounts with owner permissions on Azure resources should be removed|20606e75-05c4-48c0-9d97-add6daa2109a|
52
-
|Guest accounts with write permissions on Azure resources should be removed|0354476c-a12a-4fcc-a79d-f0ab7ffffdbb|
53
-
|Guest accounts with read permissions on Azure resources should be removed|fde1c0c9-0fd2-4ecc-87b5-98956cbc1095|
54
-
|Blocked accounts with owner permissions on Azure resources should be removed|050ac097-3dda-4d24-ab6d-82568e7a50cf|
55
-
|Blocked accounts with read and write permissions on Azure resources should be removed| 1ff0b4c9-ed56-4de6-be9c-d7ab39645926 |
0 commit comments