release-PCI deprecations

AlizaBernstein · AlizaBernstein · commit c9fb95f02180 · 2024-02-28T17:41:06.000+02:00
diff --git a/articles/defender-for-cloud/enable-permissions-management.md b/articles/defender-for-cloud/enable-permissions-management.md
@@ -132,7 +132,7 @@ The integration feature comes as part of Defender CSPM plan and doesn't require
 | Category  | Capabilities                                                 | Defender for Cloud | Permissions Management |
 | --------- | ------------------------------------------------------------ | ------------------ | ---------------------- |
 | Discover  | Permissions  discovery for risky identities (including unused identities, overprovisioned  active identities, super identities) in Azure, AWS, GCP | ✓                  | ✓                      |
-| Discover  | Permissions  Creep Index (PCI) for multicloud environments (Azure, AWS, GCP) and all  identities | ✓                  | ✓                      |
+| Discover  | Permissions  Creep Index (PCI) for multicloud environments (Azure, AWS, GCP) and all  identities | ❌                  | ✓                      |
 | Discover  | Permissions  discovery for all identities, groups in Azure, AWS, GCP | ❌                  | ✓                      |
 | Discover  | Permissions  usage analytics, role / policy assignments in Azure, AWS, GCP | ❌                  | ✓                      |
 | Discover  | Support  for Identity Providers (including AWS IAM Identity Center, Okta, GSuite) | ❌                  | ✓                      |
diff --git a/articles/defender-for-cloud/recommendations-reference.md b/articles/defender-for-cloud/recommendations-reference.md
@@ -1441,13 +1441,6 @@ Learn more in [Introduction to Microsoft Defender for Storage](/azure/defender-f
 
 **Severity**: Low
 
-### [Over-provisioned identities in subscriptions should be investigated to reduce the Permission Creep Index (PCI)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/d103537b-9f3d-4658-a568-31dd66eb05cb)
-
-**Description**: Over-provisioned identities in subscription should be investigated to reduce the Permission Creep Index (PCI) and to safeguard your infrastructure. Reduce the PCI by removing the unused high risk permission assignments. High PCI reflects risk associated with the identities with permissions that exceed their normal or required usage
-(No related policy).
-
-**Severity**: Medium
-
 ### [Private endpoint connections on Azure SQL Database should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/75396512-3323-9be4-059d-32ecb113c3de)
 
 **Description**: Private endpoint connections enforce secure communication by enabling private connectivity to Azure SQL Database.
@@ -2153,6 +2146,19 @@ Note that the following subnet types will be listed as not applicable: GatewaySu
 
 ## Deprecated recommendations
 
+### [Over-provisioned identities in subscriptions should be investigated to reduce the Permission Creep Index (PCI)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/d103537b-9f3d-4658-a568-31dd66eb05cb)
+
+**Description**: Over-provisioned identities in subscription should be investigated to reduce the Permission Creep Index (PCI) and to safeguard your infrastructure. Reduce the PCI by removing the unused high risk permission assignments. High PCI reflects risk associated with the identities with permissions that exceed their normal or required usage
+(No related policy).
+
+**Severity**: Medium
+
+### [Over-provisioned identities in accounts should be investigated to reduce the Permission Creep Index (PCI)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/CloudKnoxAwsRecommendationDetailsBlade/assessmentKey/2482620f-f324-4add-af68-2e01e27485e9)
+
+**Description**: Over-provisioned identities in accounts should be investigated to reduce the Permission Creep Index (PCI) and to safeguard your infrastructure. Reduce the PCI by removing the unused high risk permission assignments. High PCI reflects risk associated with the identities with permissions that exceed their normal or required usage.
+
+**Severity**: Medium
+
 ### Access to App Services should be restricted
 
 **Description & related policy**: Restrict access to your App Services by changing the networking configuration, to deny inbound traffic from ranges that are too broad.
diff --git a/articles/defender-for-cloud/release-notes.md b/articles/defender-for-cloud/release-notes.md
@@ -24,13 +24,25 @@ If you're looking for items older than six months, you can find them in the [Arc
 
 |Date | Update |
 |----------|----------|
+| February 28 | [Deprecation of two recommendations related to PCI](#deprecation-of-two-recommendations-related-to-pci) |
 | February 28 | [Updated security policy management expands support to AWS and GCP](#updated-security-policy-management-expands-support-to-aws-and-gcp) |
 | February 26 | [Cloud support for Defender for Containers](#cloud-support-for-defender-for-containers) |
 | February 20 | [New version of Defender Agent for Defender for Containers](#new-version-of-defender-agent-for-defender-for-containers) |
 | February 18| [Open Container Initiative (OCI) image format specification support](#open-container-initiative-oci-image-format-specification-support) |
 | February 13 | [AWS container vulnerability assessment powered by Trivy retired](#aws-container-vulnerability-assessment-powered-by-trivy-retired) |
 | February 8 | [Recommendations released for preview: four recommendations for Azure Stack HCI resource type](#recommendations-released-for-preview-four-recommendations-for-azure-stack-hci-resource-type) |
 
+### Deprecation of two recommendations related to PCI
+
+February 28, 2024
+
+THe following two recommendations related to PErmission Creep Index (PCI) are being deprecated:
+
+- [Over-provisioned identities in accounts should be investigated to reduce the Permission Creep Index (PCI)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/CloudKnoxAwsRecommendationDetailsBlade/assessmentKey/2482620f-f324-4add-af68-2e01e27485e9)
+- [Over-provisioned identities in subscriptions should be investigated to reduce the Permission Creep Index (PCI)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/CloudKnoxRecommendationDetailsBlade/assessmentKey/d103537b-9f3d-4658-a568-31dd66eb05cb)
+
+See the [list of deprecated security recommendations](recommendations-reference.md#deprecated-recommendations).
+
 ### Updated security policy management expands support to AWS and GCP
 
 February 28, 2024
