new caps rules

DebLanger · DebLanger · commit 643232ccd585 · 2024-11-18T15:54:42.000+02:00
diff --git a/exposure-management/predefined-classification-rules-and-levels.md b/exposure-management/predefined-classification-rules-and-levels.md
@@ -110,3 +110,7 @@ Current asset types are:
 | Immutable and Locked Azure Storage                           | Cloud resource | High                      | This rule applies to Azure storage accounts that have immutability support enabled with a locked policy. Immutability stores business data in a write once read many (WORM). Data protection is increased with a locked policy to ensure that data can’t be deleted or its retention time shortened. These settings usually indicate that the storage account holds critical or sensitive data that must be protected from modification or deletion. Data might also need to align with compliance policies for data protection. |
 | Azure Virtual Machine with a Critical User Signed-in         | Cloud resource | High                      | This rule applies to virtual machines protected by Defender for Endpoint, where a user with a high or very high criticality level is signed in. The signed-in user can be through a joined or registered device, an active browser session, or other means. |
 | Azure Key Vaults with Many Connected Identities              | Cloud resource | High                      | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
+| Locked Azure Kubernetes service cluster              | Cloud resource | Low                       | This is an Azure Kubernetes Service cluster that is safeguarded by a lock. Locks are used to protect assets from deletion and modifications. Usually, administrators use locks to safeguard critical cloud assets in their environment, and to protect them from accidental deletion and unauthorized modifications. |
+| Premium tier Azure Kubernetes Service cluster        | Cloud resource | High                      | This rule applies to Azure Kubernetes Service clusters with premium tier cluster management. Premium tiers are recommended for running production or mission-critical workloads that need high availability and reliability. |
+| Azure Kubernetes service cluster with multiple nodes | Cloud resource | High                      | This rule applies to Azure Kubernetes Service clusters with a large number of nodes. This often indicates that the cluster is used for critical workloads, such as production workloads. |
+| Azure Arc cluster with multiple nodes                | Cloud Resource | High                      | This rule applies to Azure Arc Kubernetes clusters with a large number of nodes. This often indicates that the cluster is used for critical workloads, such as production workloads. |
diff --git a/exposure-management/whats-new.md b/exposure-management/whats-new.md
@@ -26,6 +26,19 @@ Learn more about MSEM by reading the blogs, [here](https://techcommunity.microso
 
 ## November 2024
 
+### New predefined classifications
+
+The following predefined classification rules were added to the critical assets list:
+
+| Classification                                       | Description                                                  |
+| :--------------------------------------------------- | :----------------------------------------------------------- |
+| Locked Azure Kubernetes Service cluster              | This rule applies to Azure Kubernetes service clusters that are safeguarded by a lock. |
+| Premium tier Azure Kubernetes Service cluster        | This rule applies to premium tier Azure Kubernetes service clusters. |
+| Azure Kubernetes Service cluster with multiple nodes | This rule applies to Azure Kubernetes service clusters with multiple nodes. |
+| Azure Arc Kubernetes cluster with multiple nodes     | This rule applies to Azure Arc clusters with multiple nodes. |
+
+For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
+
 ### Announcing the General Availability of Microsoft Security Exposure Management
 
 We are excited to announce the general availability of Microsoft Security Exposure Management. This powerful tool helps organizations focus on their most critical exposures and act swiftly. By integrating security insights across the entire digital estate, it provides a comprehensive view of risk posture, enabling faster, more informed decisions to reduce exposure before attackers can exploit it.
@@ -109,6 +122,8 @@ The following predefined classification rule was added to the critical assets li
 | ------------------------------------------------------------ | ------------------------------------------------------------ |
 | **Hyper-V Server**                                                 | This rule applies to devices identified as Hyper-V servers within a domain. These servers are essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. |
 
+For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
+
 ### Enhanced visibility for scoped users
 
 This change now allows users who have been granted access to only some of the organization's devices to see the list of affected assets in metrics, recommendations, events, and initiative history within their specific scope.
