![[MDC] What's new in Microsoft Defender for Cloud](/web/image/blog.post/309/author_avatar/%5BMDC%5D%20What%27s%20new%20in%20Microsoft%20Defender%20for%20Cloud?unique=31c9823)
Microsoft has introduced a set of new features in Microsoft Defender for Cloud (formerly Azure Defender or Azure Security Center).
Microsoft Defender for Cloud is a unified cloud-native application protection platform that helps strengthen your security posture, enables protection against modern threats, and helps reduce risk throughout the cloud application lifecycle in multi-cloud and hybrid environments.
• Direct integration (without Azure Arc) with Defender for Servers is generally available. Previously, Azure Arc was required to onboard non-Azure servers to Defender for Servers. However, with the latest release, you can also onboard your on-premises servers to Defender for Servers using only the Microsoft Defender for Endpoint agent. This new method simplifies the onboarding process for customers who focus on endpoint protection and allows you to take advantage of Defender for Servers consumption-based billing for both cloud and non-cloud assets. The direct onboarding option via Defender for Endpoint is available now, and billing for onboarded machines will begin on July 1st.
• Express configuration for vulnerability assessments in Defender for SQL is now available. The express configuration offers a streamlined onboarding experience for SQL vulnerability assessments using a one-click setup (or API call). There is no need for additional settings or dependencies on managed storage accounts.
• Defender for Cloud has improved the onboarding experience by including a new user interface and streamlined instructions, as well as new capabilities that allow you to onboard your AWS and GCP environments while providing access to advanced onboarding features.
• Support for Private Endpoint is now available as part of the Public Preview of malware scanning in Defender for Storage. This feature enables malware scanning on storage accounts using Private Endpoints. No additional configuration is required.
• A new container recommendation in Defender CSPM offered via MDVM is available in Public Preview:
• Running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management) (Preview) : Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVE) and provides a detailed vulnerability report for each image. This recommendation provides visibility into vulnerable images running in your Kubernetes clusters. Remediating vulnerabilities in running container images is essential to improving your security posture, significantly reducing the attack surface of your containerized workloads.
• You can now discover potential security savings by applying Defender for Cloud as part of an Azure Migrate business case.
•Defender for DevOps has added the following additional scopes to the Azure DevOps (ADO) application:
• Advance Security management: vso.advsec_manage. is required to enable, disable and manage GitHub Advanced Security for ADO.
• Container Mapping: vso.extension_manage, vso.gallery_manager; Required to share the decorator extension with the ADO organisation.
Only new Defender for DevOps customers attempting to onboard ADO resources to Microsoft Defender for Cloud are affected by this change.
• With the capabilities Agentless Container Posture available in Defender CSPM, agent-based discovery capabilities are now retired. If you are currently using container capabilities in Defender CSPM, please ensure that the relevant extensions are enabled to continue receiving container-related value from the new agentless capabilities, such as attack paths, container-related insights and inventory. (The effects of enabling extensions may take up to 24 hours).
• The NIST 800-53 standards (R4 and R5) have recently been updated with control changes in Microsoft Defender for Cloud for regulatory compliance. Microsoft-managed controls have been removed from the standard, and information on the implementation of Microsoft's responsibility (as part of the shared responsibility model in the Cloud) is now only available in the control details pane under Microsoft Actions.