
What's new in April 2024 for Microsoft Defender for Cloud [MDC]

June 18, 2024
KOUMBA MAVOUROULOU MAUD ANDRÉ
Microsoft has introduced a set of new features in Microsoft Defender for Cloud (formerly Azure Defender or Azure Security Center). We offer you a summary of the changes and features that Microsoft has introduced during the month.


  • With the upcoming retirement of Qualys, action is required for organizations using Defender for Servers in this mode. Microsoft has created a specific campaign in Defender for Cloud to support businesses through this change.



  • Microsoft is introducing the "Trial per Plan" model. This change was designed with customer flexibility and needs in mind. Historically, Microsoft Defender for Cloud offered new users a 30-day free trial period, starting from the activation of their first plan. While beneficial, this model had its limitations. If a user activated the D4Servers plan and, 20 days later, decided to explore the DCSPM plan, the latter would only benefit from 10 days of free trial. Furthermore, any plan activated after the initial 30-day period would incur immediate charges, which could discourage users from exploring the full MDC offering. The "Trial per Plan" feature addresses these concerns by resetting the clock with each new plan activation. This means that if you start with the D4Servers plan, you receive 30 free days, and if you decide to activate the DCSPM plan later, regardless of the timing, another 30-day free trial begins for that specific plan.




  1. Direct billing to resources: Microsoft is changing the way your billing is presented. Instead of using a general workspace identifier, your invoices will now be directly linked to each computing resource identifier. This means that each virtual machine (VM), Virtual Machine Scale Set (VMSS), Azure Arc server and EC2 instance will have its own billing entry.
  2. More detailed billing: Clients will no longer receive a single invoice for all workspace resources. Starting 11 March, clients will see individual costs for each of the aforementioned resources. This granular view will provide a clearer picture of the subscriptions to which your costs are allocated.
  3. AWS specifics: For those using AWS resources, the subscription hosting the AWS connector will be billed for the resources used.
  • Risk prioritisation is now the default experience in Defender for Cloud. This feature helps you focus on the most critical security issues in your environment by ranking recommendations according to the risk factors of each resource. Risk factors include the potential impact of a security issue being breached, the risk categories, and the attack path associated with the security issue.
  • Post-general availability update for Defender for PostgreSQL Flexible Servers: The update allows customers to apply protection for existing PostgreSQL flexible servers at the subscription level, enabling full flexibility to activate protection on a per-resource basis or for automatic protection of all resources at the subscription level.


  • To support the new risk-based prioritisation experience for recommendations, Microsoft has created new recommendations for container vulnerability assessments in Azure, AWS and GCP. These address container images for the registry and container workloads for runtime:


  1. Container images in Azure registry should have vulnerability findings resolved
  2. Containers running in Azure should have vulnerability findings resolved
  3. Container images in AWS registry should have vulnerability findings resolved
  4. Containers running in AWS should have vulnerability findings resolved
  5. Container images in GCP registry should have vulnerability findings resolved
  6. Containers running in GCP should have vulnerability findings resolved


  • General Availability of several recommendations regarding containers in multicloud environments including:


  1. Azure registry container images should have vulnerabilities resolved, GCP registry container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management), or AWS registry container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management): The vulnerability assessment of container images scans your registry for the most commonly known vulnerabilities (CVE) and provides a detailed vulnerability report for each image. Resolving vulnerabilities can greatly improve your security posture, ensuring that images can be safely used prior to deployment.
  2. Azure running container images should have vulnerabilities resolved, AWS running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management), or GCP running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management): The vulnerability assessment of container images scans your registry for commonly known vulnerabilities (CVE) and provides a detailed vulnerability report for each image. This recommendation provides visibility into vulnerable images currently running in your Kubernetes clusters. Remediating vulnerabilities in running container images is essential for improving your security posture, significantly reducing the attack surface of your containerized workloads.



  • Update of recommendations to align them with Azure AI Services resources:


  1. Cognitive Services accounts should restrict network access becomes Azure AI Services resources should restrict network access
  2. Cognitive Services accounts should have local authentication methods disabled becomes Azure AI Services resources should have key access disabled (disable local authentication)
  3. Diagnostic logs in Search services should be enabled becomes Diagnostic logs in Azure AI services resources should be enabled

 


More information on: Release notes for Microsoft Defender for Cloud | Microsoft Docs

