You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-[Moved the recommendation Vulnerabilities in container security configurations should be remediated from the secure score to best practices](#moved-the-recommendation-vulnerabilities-in-container-security-configurations-should-be-remediated-from-the-secure-score-to-best-practices)
30
+
- Deprecated the recommendation to use service principals to protect your subscriptions
30
31
31
32
### Deprecated the recommendations to install the network traffic data collection agent
32
33
@@ -82,6 +83,21 @@ The recommendation `Vulnerabilities in container security configurations should
82
83
83
84
The current user experience only provides the score when all compliance checks have passed. Most customers have difficulties with meeting all the required checks. We are working on an improved experience for this recommendation, and once released the recommendation will be moved back to the secure score.
84
85
86
+
### Deprecated the recommendation to use service principals to protect your subscriptions
87
+
88
+
As organizations move away from using management certificates to manage their subscriptions, and [our recent announcement that we're retiring the Cloud Services (classic) deployment model](https://azure.microsoft.com/updates/cloud-services-retirement-announcement/), we'll be deprecating the following Defender for Cloud recommendation and its related policy:
89
+
90
+
|Recommendation |Description |Severity |
91
+
|---|---|---|
92
+
|[Service principals should be used to protect your subscriptions instead of Management Certificates](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/2acd365d-e8b5-4094-bce4-244b7c51d67c)|Management certificates allow anyone who authenticates with them to manage the subscription(s) they are associated with. To manage subscriptions more securely, using service principals with Resource Manager is recommended to limit the blast radius in the case of a certificate compromise. It also automates resource management. <br />(Related policy: [Service principals should be used to protect your subscriptions instead of management certificates](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f6646a0bd-e110-40ca-bb97-84fcee63c414)) |Medium |
93
+
|||
94
+
95
+
Learn more:
96
+
97
+
-[Cloud Services (classic) deployment model is retiring on 31 August 2024](https://azure.microsoft.com/updates/cloud-services-retirement-announcement/)
98
+
-[Overview of Azure Cloud Services (classic)](../cloud-services/cloud-services-choose-me.md)
99
+
-[Workflow of Windows Azure classic VM Architecture - including RDFE workflow basics](../cloud-services/cloud-services-workflow-process.md)
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/upcoming-changes.md
+1-19Lines changed: 1 addition & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Important changes coming to Microsoft Defender for Cloud
3
3
description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan
4
4
ms.topic: overview
5
-
ms.date: 03/16/2022
5
+
ms.date: 03/20/2022
6
6
---
7
7
8
8
# Important upcoming changes to Microsoft Defender for Cloud
@@ -22,7 +22,6 @@ If you're looking for the latest release notes, you'll find them in the [What's
22
22
| Planned change | Estimated date for change |
23
23
|--|--|
24
24
|[Legacy implementation of ISO 27001 is being replaced with new ISO 27001:2013](#legacy-implementation-of-iso-27001-is-being-replaced-with-new-iso-270012013)| January 2022 |
25
-
|[Deprecating the recommendation to use service principals to protect your subscriptions](#deprecating-the-recommendation-to-use-service-principals-to-protect-your-subscriptions)| February 2022 |
26
25
|[Changes to recommendations for managing endpoint protection solutions](#changes-to-recommendations-for-managing-endpoint-protection-solutions)| March 2022 |
27
26
|[AWS and GCP recommendations to GA](#aws-and-gcp-recommendations-to-ga)| March 2022 |
28
27
|[Relocation of custom recommendations](#relocation-of-custom-recommendations)| March 2022 |
@@ -38,23 +37,6 @@ The legacy implementation of ISO 27001 will be removed from Defender for Cloud's
38
37
39
38
:::image type="content" source="media/upcoming-changes/removing-iso-27001-legacy-implementation.png" alt-text="Defender for Cloud's regulatory compliance dashboard showing the message about the removal of the legacy implementation of ISO 27001." lightbox="media/upcoming-changes/removing-iso-27001-legacy-implementation.png":::
40
39
41
-
### Deprecating the recommendation to use service principals to protect your subscriptions
42
-
43
-
**Estimated date for change:** February 2022
44
-
45
-
As organizations are moving away from using management certificates to manage their subscriptions, and [our recent announcement that we're retiring the Cloud Services (classic) deployment model](https://azure.microsoft.com/updates/cloud-services-retirement-announcement/), we'll be deprecating the following Defender for Cloud recommendation and its related policy:
46
-
47
-
|Recommendation |Description |Severity |
48
-
|---|---|---|
49
-
|[Service principals should be used to protect your subscriptions instead of Management Certificates](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/2acd365d-e8b5-4094-bce4-244b7c51d67c)|Management certificates allow anyone who authenticates with them to manage the subscription(s) they are associated with. To manage subscriptions more securely, using service principals with Resource Manager is recommended to limit the blast radius in the case of a certificate compromise. It also automates resource management. <br />(Related policy: [Service principals should be used to protect your subscriptions instead of management certificates](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f6646a0bd-e110-40ca-bb97-84fcee63c414)) |Medium |
50
-
|||
51
-
52
-
Learn more:
53
-
54
-
-[Cloud Services (classic) deployment model is retiring on 31 August 2024](https://azure.microsoft.com/updates/cloud-services-retirement-announcement/)
55
-
-[Overview of Azure Cloud Services (classic)](../cloud-services/cloud-services-choose-me.md)
56
-
-[Workflow of Windows Azure classic VM Architecture - including RDFE workflow basics](../cloud-services/cloud-services-workflow-process.md)
57
-
58
40
### Changes to recommendations for managing endpoint protection solutions
0 commit comments