This article summarizes what's new in security recommendations, alerts, and incidents in Microsoft Defender for Cloud. It includes information about new, modified, and deprecated recommendations and alerts.
This page is updated frequently with the latest recommendations and alerts in Defender for Cloud.
Recommendations older than six months are found in the relevant recommendations reference list.
Find the latest information about new and updated Defender for Cloud features in What's new in Defender for Cloud features.
Tip
Get notified when this page is updated by copying and pasting the following URL into your feed reader:
https://aka.ms/mdc/rss-recommendations-alerts
- Review a complete list of multicloud security recommendations and alerts:
Recommendations, alerts, and incidents updates
New and updated recommendations, alerts, and incidents are added to the table in date order.
Date | Type | State | Name | |
---|---|---|---|---|
June 1 | Alert | Upcoming Deprecation | The following alert will be deprecated since the method is no longer supported in PowerZure: * Usage of PowerZure function to maintain persistence in your Azure environment | |
May 15 | Alert | Upcoming Deprecation | The following alerts will be deprecated and will not be available through XDR Integration: * DDoS Attack detected for Public IP * DDoS Attack mitigated for Public IP Note: The alerts will be available on the Defender for Cloud portal. | |
May 1 | Alert | GA | AI alerts have been released to GA with the plan's official GA release | |
April 20 | Alert | Preview | (Preview) AI - Suspicious anomaly detected in sensitive data exposed by AI resource, this replaces the previous sensitive data exposure alert | |
April 29 | Recommendation | GA | Role-Based Access Control should be used on Keyvault Services | |
April 20 | Alert | Preview | AI - Suspicious anomaly detected in sensitive data exposed by AI resource, this replaces the previous sensitive data exposure alert | |
February 5 | Recommendation | Upcoming Deprecation | The following recommendations will be deprecated: * Configure Microsoft Defender for Storage (Classic) to be enabled * Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) | |
January 29 | Recommendation | GA | We have further hardened the "Running containers as root user should be avoided" recommendation. What's changing? We now require at least one range to be specified for the "Run as group rule". This change was needed to ensure containers will not get access to files owned by root, and groups with permissions to the root group. | |
January 13 | Alert | Preview | AI - Access from a suspicious IP | |
January 13 | Alert | Preview | AI - Suspected wallet attack | |
December 19 | Alert | GA | The following Azure Storage alerts are GA: * Malicious blob was downloaded from a storage account * Unusual SAS token was used to access an Azure storage account from a public IP address * Suspicious external operation to an Azure storage account with overly permissive SAS token * Suspicious external access to an Azure storage account with overly permissive SAS token * Unusual unauthenticated public access to a sensitive blob container * Unusual amount of data extracted from a sensitive blob container * Unusual number of blobs extracted from a sensitive blob container * Access from an unusual location to a sensitive blob container * Access from a known suspicious application to a sensitive blob container * Access from a known suspicious IP address to a sensitive blob container * Access from a Tor exit node to a sensitive blob container | |
December 16 | Alert | Preview | AI - Access from a Tor IP | |
November 19 | Deprecation | GA | MFA recommendations are deprecated as Azure now requires it. The following recommendations are deprecated: * Accounts with read permissions on Azure resources should be MFA enabled * Accounts with write permissions on Azure resources should be MFA enabled * Accounts with owner permissions on Azure resources should be MFA enabled | |
November 19 | Alert | Preview | AI - suspicious user agent detected | |
November 19 | Alert | Preview | ASCII Smuggling prompt injection detected | |
October 30 | Alert | GA | Suspicious extraction of Azure Cosmos DB account keys | |
October 30 | Alert | GA | The access level of a sensitive storage blob container was changed to allow unauthenticated public access | |
October 30 | Recommendation | Upcoming Deprecation | MFA recommendations are deprecated as Azure now requires it. The following recommendations will be deprecated: * Accounts with read permissions on Azure resources should be MFA enabled * Accounts with write permissions on Azure resources should be MFA enabled * Accounts with owner permissions on Azure resources should be MFA enabled | |
October 12 | Recommendation | GA | Azure Database for PostgreSQL flexible server should have Microsoft Entra authentication only enabled | |
October 6 | Recommendation | Update | [Preview] Containers running in GCP should have vulnerability findings resolved | |
October 6 | Recommendation | Update | [Preview] Containers running in AWS should have vulnerability findings resolved | |
October 6 | Recommendation | Update | [Preview] Containers running in Azure should have vulnerability findings resolved | |
September 10 | Alert | Preview | Corrupted AI application\model\data directed a phishing attempt at a user | |
September 10 | Alert | Preview | Phishing URL shared in an AI application | |
September 10 | Alert | Preview | Phishing attempt detected in an AI application | |
September 5 | Recommendation | GA | System updates should be installed on your machines (powered by Azure Update Manager) | |
September 5 | Recommendation | GA | Machines should be configured to periodically check for missing system updates | |
Related content
For information about new features, see What's new in Defender for Cloud features.