You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: exposure-management/predefined-classification-rules-and-levels.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -113,4 +113,8 @@ Current asset types are:
113
113
| Immutable Azure Storage | Cloud resource | Medium | This rule applies to Azure storage accounts that have immutability support enabled. Immutability stores business data in a write once read many (WORM) state, and usually indicates that the storage account holds critical or sensitive data that must be protected from modification. |
114
114
| Immutable and Locked Azure Storage | Cloud resource | High | This rule applies to Azure storage accounts that have immutability support enabled with a locked policy. Immutability stores business data in a write once read many (WORM). Data protection is increased with a locked policy to ensure that data can’t be deleted or its retention time shortened. These settings usually indicate that the storage account holds critical or sensitive data that must be protected from modification or deletion. Data might also need to align with compliance policies for data protection. |
115
115
| Azure Virtual Machine with a Critical User Signed In | Cloud resource | High | This rule applies to virtual machines protected by Defender for Endpoint, where a user with a high or very high criticality level is signed in. The signed-in user can be through a joined or registered device, an active browser session, or other means. |
116
-
| Key Vaults with Many Connected Identities | Cloud resource | High | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
116
+
| Azure Key Vaults with Many Connected Identities | Cloud resource | High | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
117
+
| Locked Azure Kubernetes Service cluster | Cloud resource | Low | This is an Azure Kubernetes Service cluster that is safeguarded by a lock. Locks are used to protect assets from deletion and modifications. Usually, administrators use locks to safeguard critical cloud assets in their environment, and to protect them from accidental deletion and unauthorized modifications. |
118
+
| Premium tier Azure Kubernetes Service cluster | Cloud resource | High | This rule applies to Azure Kubernetes Service clusters with premium tier cluster management. Premium tiers are recommended for running production or mission-critical workloads that need high availability and reliability. |
119
+
| Azure Kubernetes Service cluster with multiple nodes | Cloud resource | High | This rule applies to Azure Kubernetes Service clusters with a large number of nodes. This often indicates that the cluster is used for critical workloads, such as production workloads. |
120
+
| Azure Arc Kubernetes cluster with multiple nodes | Cloud Resource | High | This rule applies to Azure Arc Kubernetes clusters with a large number of nodes. This often indicates that the cluster is used for critical workloads, such as production workloads. |
| Locked Azure Kubernetes Service cluster | This rule applies to Azure Kubernetes Service clusters that are safeguarded by a lock. |
36
+
| Premium tier Azure Kubernetes Service cluster | This rule applies to premium tier Azure Kubernetes Service clusters. |
37
+
| Azure Kubernetes Service cluster with multiple nodes | This rule applies to Azure Kubernetes Service clusters with multiple nodes. |
38
+
| Azure Arc Kubernetes cluster with multiple nodes | This rule applies to Azure Arc clusters with multiple nodes. |
39
+
40
+
For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
41
+
29
42
### New documentation library for Microsoft's unified security operations platform
30
43
31
44
Find centralized documentation about [Microsoft's unified SecOps platform in the Microsoft Defender portal](/unified-secops-platform/overview-unified-security). Microsoft's unified SecOps platform brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, Microsoft Security Exposure Management, and generative AI into the Defender portal. Learn about the features and functionality available with Microsoft's unified SecOps platform, then start to plan your deployment.
@@ -138,6 +151,8 @@ The following predefined classification rule was added to the critical assets li
|**Hyper-V Server**| This rule applies to devices identified as Hyper-V servers within a domain. These servers are essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. |
140
153
154
+
For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
155
+
141
156
### Enhanced visibility for scoped users
142
157
143
158
This change now allows users who have been granted access to only some of the organization's devices to see the list of affected assets in metrics, recommendations, events, and initiative history within their specific scope.
0 commit comments