If you're looking for items older than six months, you can find them in the Archive for What's new in Microsoft Defender for Cloud.

- Agentless scanning now supports encrypted disks in AWS
- Revised JIT (Just-In-Time) rule naming conventions in Defender for Cloud
- Multiple changes to identity recommendations
- Deprecation of legacy standards in compliance dashboard
- Two Defender for DevOps recommendations now include Azure DevOps scan findings
- New default setting for Defender for Servers vulnerability assessment solution
- Download a CSV report of your cloud security explorer query results (Preview)
- Release of containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM
- Renaming container recommendations powered by Qualys

Defender for Key Vault has the following new alert:

| Alert (alert type) | Description |
| --- | --- |
| Unusual access to the key vault from a suspicious IP (Non-Microsoft or External) | A user or service principal has attempted anomalous access to key vaults from a non-Microsoft IP in the last 24 hours. This anomalous access pattern may be legitimate activity. It could be an indication of a possible attempt to gain access to the key vault and the secrets contained within it. We recommend further investigation. |

For all of the available alerts, see Alerts for Azure Key Vault.

## Agentless scanning now supports encrypted disks in AWS

Agentless scanning for VMs now supports processing of instances with encrypted disks in AWS, using both CMK and PMK. This extended support increases coverage and visibility over your cloud estate without impacting your running workloads. Support for encrypted disks maintains the same zero-impact method on running instances.

- For new customers enabling agentless scanning in AWS, encrypted disks coverage is built in and supported by default.
- For existing customers that already have an AWS connector with agentless scanning enabled, you'll need to reapply the CloudFormation stack to your onboarded AWS accounts to update and add the new permissions that are required to process encrypted disks.

The updated CloudFormation template includes new assignments that allow Defender for Cloud to process encrypted disks. You can learn more about the permissions used to scan AWS instances.

1. Go to Defender for Cloud environment settings and open your AWS connector.
2. Select Click to download the CloudFormation template.
3. Navigate to your AWS environment and apply the updated template.

Learn more about agentless scanning and enabling agentless scanning in AWS.

## Revised JIT (Just-In-Time) rule naming conventions in Defender for Cloud

We revised the JIT (Just-In-Time) rules to align with the Microsoft Defender for Cloud brand. We changed the naming conventions for Azure Firewall and NSG (Network Security Group) rules. The changes are listed as follows:

| Description |
| --- |
| JIT rule names (allow and deny) in NSG (Network Security Group) |

Learn how to secure your management ports with Just-In-Time access.

To help you manage your AWS CloudTrail costs and compliance needs, you can now select which AWS regions to scan when you add or edit a cloud connector. You can now scan selected specific AWS regions or all available regions (default) when you onboard your AWS accounts to Defender for Cloud. Learn more at Connect your AWS account to Microsoft Defender for Cloud.

## Multiple changes to identity recommendations

The following recommendations are now released as General Availability (GA) and are replacing the V1 recommendations, which are now deprecated.

General Availability (GA) release of identity recommendations V2

The V2 release of identity recommendations introduces the following enhancements:

- The scope of the scan has been expanded to include all Azure resources, not just subscriptions. This enables security administrators to view role assignments per account.
- Specific accounts can now be exempted from evaluation. Accounts such as break-glass or service accounts can be excluded by security administrators.
- The scan frequency has been increased from 24 hours to 12 hours, thereby ensuring that the identity recommendations are more up-to-date and accurate.

The following security recommendations are available in GA and replace the V1 recommendations:

| Recommendation |
| --- |
| Accounts with owner permissions on Azure resources should be MFA enabled |
| Accounts with write permissions on Azure resources should be MFA enabled |
| Accounts with read permissions on Azure resources should be MFA enabled |
| Guest accounts with owner permissions on Azure resources should be removed |
| Guest accounts with write permissions on Azure resources should be removed |
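As an added illustration of how the V2 identity recommendations above compose (per-resource scope, an exemption list for break-glass or service accounts, and the owner/write/read tiers), here is a small evaluator over constructed role-assignment records. It is example code, not Defender for Cloud's own logic; the mapping of built-in roles to tiers and the sample data are assumptions.

```python
"""Evaluate constructed Azure role assignments against the V2 identity
recommendations: MFA for owner/write/read accounts, removal of guest accounts
with owner or write access, with an exemption list honoured for break-glass or
service accounts. Role-to-tier mapping and sample data are assumptions."""
from dataclasses import dataclass

# Assumed tiering of built-in roles for this example only.
ROLE_TIER = {"Owner": "owner", "Contributor": "write", "Reader": "read"}


@dataclass(frozen=True)
class Assignment:
    principal: str      # UPN or service principal display name
    is_guest: bool      # True for external (guest) identities
    role: str           # built-in role name
    scope: str          # subscription, resource group or resource ID
    mfa_enabled: bool   # whether the identity has MFA enforced


def evaluate(assignments, exempt=frozenset()):
    """Return sorted (principal, scope, recommendation) findings."""
    findings = set()
    for a in assignments:
        if a.principal in exempt:
            continue  # break-glass / service accounts excluded by admins
        tier = ROLE_TIER.get(a.role)
        if tier is None:
            continue  # custom or unmapped role: outside these rules
        if not a.mfa_enabled:
            findings.add((a.principal, a.scope,
                          f"Accounts with {tier} permissions on Azure resources should be MFA enabled"))
        if a.is_guest and tier in ("owner", "write"):
            findings.add((a.principal, a.scope,
                          f"Guest accounts with {tier} permissions on Azure resources should be removed"))
    return sorted(findings)


# Constructed sample: assignments at subscription and resource scope.
SAMPLE = [
    Assignment("alice@contoso.example", False, "Owner", "/subscriptions/sub-1", True),
    Assignment("bob_partner#EXT#@contoso.example", True, "Contributor",
               "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Web/sites/web1", False),
    Assignment("breakglass@contoso.example", False, "Owner", "/subscriptions/sub-1", False),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE, exempt={"breakglass@contoso.example"}):
        print(*finding, sep=" | ")
```

Without the exemption the break-glass account also surfaces as an owner account missing MFA, which is the case the exemption feature is meant to handle.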