CloudAppSecurityDocs/anomaly-detection-policy.md
8 additions & 8 deletions
@@ -7,7 +7,10 @@ ms.topic: how-to
7
7
8
8
# Create Defender for Cloud Apps anomaly detection policies
9
9
10
-
10
+
> [!IMPORTANT]
11
+
>
12
+
> Starting June 2025, Microsoft Defender for Cloud Apps began transitioning existing anomaly detection policies to a dynamic threat detection model.
13
+
> For more details see the section [Dynamic threat detection model](#dynamic-threat-detection-model) in this article.
11
14
12
15
The Microsoft Defender for Cloud Apps anomaly detection policies provide out-of-the-box user and entity behavioral analytics (UEBA) and machine learning (ML) so that you're ready from the outset to run advanced threat detection across your cloud environment. Because they're automatically enabled, the new anomaly detection policies immediately start the process of detecting and collating results, targeting numerous behavioral anomalies across your users and the machines and devices connected to your network. In addition, the policies expose more data from the Defender for Cloud Apps detection engine, to help you speed up the investigation process and contain ongoing threats.
13
16
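Review bot: In the added `> [!IMPORTANT]` callout, the bare `>` line directly after the marker serves no purpose and should be dropped so the alert text starts on the line after `[!IMPORTANT]`. "For more details see the section" needs a comma after "details". "Starting June 2025, ... began transitioning" mixes an open-ended opener with a past-tense verb; "In June 2025, ... began transitioning" reads cleanly. The callout also repeats the sentence that the next hunk removes from the "Dynamic threat detection model" section, so the date now lives only in the callout; confirm that is intended.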
@@ -35,11 +38,10 @@ These policies appear on the Defender for Cloud Apps policies page and can be en
35
38
36
39
## Dynamic threat detection model
37
40
38
-
39
-
Starting June 2025, Microsoft Defender for Cloud Apps began transitioning existing anomaly detection policies to a dynamic threat detection model. This model automatically updates detection logic based on the evolving threat landscape and is designed to improve and maintain a high signal-to-noise ratio (SNR). This approach ensures that detections stay current as attacker behavior changes, without requiring manual configuration or policy updates. The result is more timely and accurate alerts, with fewer outdated or redundant detections. As a result, you might notice that some of the legacy policies have been disabled.
41
+
Microsoft Defender for Cloud apps dynamic Threat detection model automatically updates detection logic based on the evolving threat landscape and is designed to improve and maintain a high signal-to-noise ratio (SNR). This approach ensures that detections stay current as attacker behavior changes, without requiring manual configuration or policy updates. The result is more timely and accurate alerts, with fewer outdated or redundant detections. As a result, you might notice that some of the legacy policies have been disabled.
40
42
41
43
> [!NOTE]
42
-
> If you previously configured governance actions for a policy, and it has been disabled, you can re-enable it in the Microsoft Defender portal > Cloud Apps > Policy management page.
44
+
> If you previously configured governance actions and email notifications for a policy, and it has been disabled, you can re-enable it in the Microsoft Defender portal > Cloud Apps > Policy management page.
43
45
44
46
You will continue to receive the same standard of protection without disruption to your existing security coverage. No action is required from your side.
45
47
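Review bot: The updated `[!NOTE]` says a disabled policy with governance actions and email notifications can be re-enabled, while the unchanged paragraph right after it says "No action is required from your side"; state explicitly whether governance actions and email notifications carry over to the dynamic model, because a reader who relies on them for response needs to know whether re-enabling is required to keep them. In the rewritten opening sentence, "Microsoft Defender for Cloud apps dynamic Threat detection model" has inconsistent casing and no article; suggest "The Microsoft Defender for Cloud Apps dynamic threat detection model". With the "Starting June 2025 ... began transitioning" sentence removed, the closing "As a result, you might notice that some of the legacy policies have been disabled" no longer has a transition to refer back to in this section, and it directly follows "The result is ..."; reword one of the two.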
@@ -50,13 +52,11 @@ The initial policies being transitioned to the dynamic model include:
Microsoft Defender for Cloud Apps now uses a dynamic threat detection model that adapts detection logic to evolving attack behavior. This update helps improve alert accuracy and reduces outdated detections. Several legacy anomaly detection policies have been transitioned to this model.
36
+
For more information see: [Create Defender for Cloud Apps anomaly detection policies](anomaly-detection-policy.md)
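Review bot: The added "For more information see:" line links to the top of `anomaly-detection-policy.md`, but the content it refers to sits under the `#dynamic-threat-detection-model` anchor that the first hunk already links to; point the link at `anomaly-detection-policy.md#dynamic-threat-detection-model` so readers land on the relevant section. The line also needs a comma after "information" and a terminal period, and the colon can go once the link is part of the sentence.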