Microsoft has introduced a set of new features in Microsoft Defender for Cloud (formerly Azure Defender or Azure Security Center). Below is a summary of the changes and features that Microsoft introduced during the month.
- Microsoft Defender for Cloud will begin enforcing the Defender Cloud Security Posture Management (DCSPM) plan check for DevOps from 7 March 2024. If you have the Defender CSPM plan enabled on a cloud environment (Azure, AWS, GCP) in the same tenant as the one in which your DevOps connectors are created, you will continue to receive premium code-to-cloud DevOps capabilities at no additional cost. If you are not a Defender CSPM customer, you have until 7 March 2024 to enable Defender CSPM before losing access to these security features.
- A new version of the Defender agent for Defender for Containers is available. It includes performance and security improvements, support for AMD64 and ARM64 architecture nodes (Linux only), and uses Inspektor Gadget as the process collection agent instead of Sysdig. The new version is only supported on Linux kernel versions 5.4 and above; if your nodes run an older Linux kernel version, you must update it. ARM64 support is only available from AKS V1.29 onwards.
- The updated security policy management experience, initially released in Preview for Azure, extends its support to multi-cloud environments (AWS and GCP):
  - Regulatory compliance standards in Defender for Cloud in Azure, AWS and GCP environments.
  - Same cross-cloud interface experience to create and manage the personalised recommendations of Microsoft Cloud Security Benchmark (MCSB).
  - The updated experience is applied to AWS and GCP to create personalised recommendations with a KQL query.
- The threat detection capabilities of Azure Kubernetes Service (AKS) in Defender for Containers are now fully supported across commercial clouds, Azure Government, and Azure China 21Vianet.
- The container vulnerability assessment performed by Trivy has been removed. Customers who were using this assessment must migrate to the new AWS container vulnerability assessment performed by Microsoft Defender Vulnerability Management.
- The Open Container Initiative (OCI) image format specification is now supported by vulnerability assessment, provided by Microsoft Defender Vulnerability Management, for AWS, Azure and GCP cloud environments.
- Preview of four recommendations for the Azure Stack HCI resource type:
  - (Preview) Azure Stack HCI servers should meet Secured-core requirements
  - (Preview) Azure Stack HCI servers should have consistently enforced application control policies: At a minimum, apply the Microsoft WDAC baseline policy in enforced mode on all Azure Stack HCI servers. Windows Defender Application Control (WDAC) policies applied must be consistent across servers within the same cluster.
  - (Preview) Azure Stack HCI systems should have encrypted volumes: Use BitLocker to encrypt the operating system and data volumes on Azure Stack HCI systems.
  - (Preview) Host and VM networking should be protected on Azure Stack HCI systems: Protect data on the Azure Stack HCI host network and on virtual machine network connections.
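
A pre-upgrade check for the Defender agent requirements listed above (Linux kernel 5.4 and above, AMD64 or ARM64 nodes, ARM64 only from AKS V1.29 onwards), given as an added example that is not Microsoft's code. It reads the `status.nodeInfo` fields of `kubectl get nodes -o json`; the sample nodes are constructed, and treating `kubeletVersion` as the AKS version is an assumption.

```python
import json
import re

MIN_KERNEL = (5, 4)       # page: Linux kernel versions 5.4 and above
MIN_ARM64_AKS = (1, 29)   # page: ARM64 support only from AKS V1.29 onwards

def make_node(name, os_name, arch, kernel, kubelet):
    """Build a node object trimmed to the nodeInfo fields this check reads."""
    return {"metadata": {"name": name}, "status": {"nodeInfo": {
        "operatingSystem": os_name, "architecture": arch,
        "kernelVersion": kernel, "kubeletVersion": kubelet}}}

# Constructed sample standing in for `kubectl get nodes -o json` output.
SAMPLE_NODES_JSON = json.dumps({"items": [
    make_node("aks-sys-0", "linux", "amd64", "5.15.0-1057-azure", "v1.28.5"),
    make_node("aks-old-1", "linux", "amd64", "4.15.0-1113-azure", "v1.27.9"),
    make_node("aks-arm-2", "linux", "arm64", "5.15.0-1057-azure", "v1.28.5"),
    make_node("aks-arm-3", "linux", "arm64", "5.15.0-1057-azure", "v1.29.2"),
    make_node("aks-win-4", "windows", "amd64", "10.0.20348.2227", "v1.28.5"),
]})

def major_minor(version):
    """Parse '5.15.0-1057-azure' or 'v1.29.2' into a comparable (major, minor) tuple."""
    match = re.match(r"v?(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    return int(match.group(1)), int(match.group(2))

def check_nodes(nodes_json):
    """Return {node name: [reasons]} for nodes that miss the stated requirements."""
    findings = {}
    for node in json.loads(nodes_json)["items"]:
        info = node["status"]["nodeInfo"]
        reasons = []
        if info["operatingSystem"] != "linux":
            reasons.append("not a Linux node")
        else:
            if info["architecture"] not in ("amd64", "arm64"):
                reasons.append(f"unsupported architecture {info['architecture']}")
            # Tuple comparison: (5, 15) >= (5, 4), whereas the strings "5.15" < "5.4".
            if major_minor(info["kernelVersion"]) < MIN_KERNEL:
                reasons.append(f"kernel {info['kernelVersion']} is below 5.4")
            # Assumption: kubeletVersion reflects the node pool's AKS Kubernetes version.
            if (info["architecture"] == "arm64"
                    and major_minor(info["kubeletVersion"]) < MIN_ARM64_AKS):
                reasons.append(f"ARM64 node on {info['kubeletVersion']}, needs 1.29+")
        if reasons:
            findings[node["metadata"]["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in check_nodes(SAMPLE_NODES_JSON).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Against a live cluster, pass the output of `kubectl get nodes -o json` to `check_nodes` in place of the constructed sample.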