Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Monthly news - December 2023
Published Dec 05 2023 06:21 AM 2,760 Views
Microsoft

Microsoft Defender for Cloud

Monthly news

December 2023 Edition

teaser.png

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from November 2023.

Legend:
Product videos.png Product videos webcast recordings.png Webcasts (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External content Product improvements.png Product improvements Public Preview sign-up.png Announcements
 Microsoft Defender for Cloud
Public Preview sign-up.png

 

We're announcing the General Availability (GA) of agentless secret scanning, which is included in both the Defender for Servers P2 and the Defender CSPM plans. Agentless secret scanning enhances the security cloud based Virtual Machines (VM) by identifying plaintext secrets on VM disks. Agentless secret scanning provides comprehensive information to help prioritize detected findings and mitigate lateral movement risks before they occur. This proactive approach prevents unauthorized access, ensuring your cloud environment remains secure.

 

Learn how to manage secrets with agentless secret scanning.
Public Preview sign-up.png Microsoft now offers both Cloud-Native Application Protection Platforms (CNAPP) and Cloud Infrastructure Entitlement Management (CIEM) solutions with Microsoft Defender for Cloud (CNAPP) and Microsoft Entra Permissions Management (CIEM). Security teams can drive the least privilege access controls for cloud resources and receive actionable recommendations for resolving permissions risks across Azure, AWS, and GCP cloud environments as part of their Defender Cloud Security Posture Management (CSPM), without any extra licensing requirements.

 

Learn how to Enable Permissions Management in Microsoft Defender for Cloud (Preview).
Blogs on MS.png At Ignite 2023, we announced new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution.

 

Check out this blog post to learn more.

Public Preview sign-up.png

 

 

ServiceNow is now integrated with Microsoft Defender for Cloud, which enables customers to connect ServiceNow to their Defender for Cloud environment to prioritize remediation of recommendations that affect your business. Microsoft Defender for Cloud integrates with the ITSM module (incident management). As part of this connection, customers are able to create/view ServiceNow tickets (linked to recommendations) from Microsoft Defender for Cloud.

 

You can learn more about Defender for Cloud's integration with ServiceNow.
Public Preview sign-up.png The data security dashboard is now available in General Availability (GA) as part of the Defender CSPM plan. The data security dashboard allows you to view your organization's data estate, risks to sensitive data, and insights about your data resources.

 

Learn more about the data security dashboard.
Blogs on MS.png At Microsoft Ignite 2023, Microsoft Defender for Cloud unveiled a new integration, extending its DevOps security coverage outside of the Microsoft ecosystem and integrating with the all-in-one DevOps platform GitLab. With this integration, security practitioners can monitor the security posture of their GitLab environments and kick off developer remediation workflows. Additionally, customers with Defender CSPM will receive advanced contextualization and prioritization capabilities for their GitLab environments.

 

In this blog post we explain how to onboard your GitLab environment to Defender for Cloud.
webcast recordings.png Watch a new episode of the Defender for Cloud in the Field show to learn about the Data Security dashboard in Defender for Cloud.
Blogs on MS.png If you are looking for a way to onboard Microsoft Defender for Cloud (MDC) with Terraform, you are in luck! In this blog post, we will introduce you to a new Terraform module that simplifies and enhances the onboarding experience for MDC in Azure. This module allows you to configure MDC plans for your Azure subscriptions or management groups with just a few lines of code. You will also learn how to use this module in different scenarios, such as onboarding a single subscription, multiple subscriptions, or all subscriptions where you have owner permissions.

 

By the end of this blog post, you will be able to onboard MDC with Terraform in a fast and easy way.
Public Preview sign-up.png In preparation for the Microsoft Monitoring Agent (MMA) deprecation in August 2024, Defender for Cloud released a SQL Server-targeted Azure Monitoring Agent (AMA) autoprovisioning process. The new process is automatically enabled and configured for all new customers, and also provides the ability for resource level enablement for Azure SQL VMs and Arc-enabled SQL Servers. Customers using the MMA autoprovisioning process are requested to migrate to the new Azure Monitoring Agent for SQL server on machines autoprovisioning process. The migration process is seamless and provides continuous protection for all machines.
Public Preview sign-up.png We are excited to announce the General Availability of Microsoft Defender for APIs, designed to protect organizations against API security threats. Defender for APIs offers full lifecycle protection, detection, and response coverage for organizations’ managed APIs.
Recognized by Gartner as a Representative Vendor in its 2023 Market Guide on Cloud Native-Application Protection Platform (CNAPP), Microsoft Defender for Cloud seamlessly combines cloud security and compliance capabilities into a single platform to provide end-to-end protection for your cloud applications. Defender for APIs fills a key gap in the CNAPP category with the ability to gain visibility into business-critical APIs, understand their security posture, prioritize vulnerability fixes, and detect active runtime threats within minutes.
Public Preview sign-up.png Sensitive data discovery for managed databases including Azure SQL databases and AWS RDS instances (all RDBMS flavors) is now Generally Available and allows for the automatic discovery of critical databases that contain sensitive data. To enable this feature across all supported datastores on your environments, you need to enable Sensitive data discovery in Defender CSPM.

 

You can also learn how sensitive data discovery is used in data-aware security posture.
Blogs on MS.png Microsoft Defender for Cloud is a multicloud application protection platform (CNAPP) designed to protect your cloud-based applications from code-to-cloud. A key component of cloud security is continuously monitoring and managing new vulnerabilities across your cloud workloads. Vulnerability management helps organizations improve their security posture, reduce the attack surface, and prevent security breaches.

 

We are thrilled to announce that Defender for Cloud is unifying our vulnerability assessment engine to Microsoft Defender Vulnerability Management (MDVM) across servers and containers. Security admins will benefit from Microsoft’s unmatched threat intelligence, breach likelihood predictions and business contexts to identify, assess, prioritize, and remediate vulnerabilities - making it an ideal tool for managing an expanded attack surface and reducing overall cloud risk posture.
Product improvements.png Recently we released enhancements to the attack path analysis capabilities in Defender for Cloud:
  • New engine - attack path analysis has a new engine, which uses path-finding algorithm to detect every possible attack path that exists in your cloud environment (based on the data we have in our graph).  
  • Improvements - Risk prioritization, Enhanced remediation, Cross-cloud attack paths, Mapping all attack paths to the MITRE framework, Refreshed user experience and more.
Learn how to identify and remediate attack paths.
Product improvements.png You can now prioritize your security recommendations according to the risk level they pose, taking into consideration both the exploitability and potential business effect of each underlying security issue. By organizing your recommendations based on their risk level (Critical, high, medium, low), you're able to address the most critical risks within your environment and efficiently prioritize the remediation of security issues based on the actual risk such as internet exposure, data sensitivity, lateral movement possibilities, and potential attack paths that could be mitigated by resolving the recommendations.

 

Learn more about risk prioritization.
Public Preview sign-up.png

 

Businesses can protect their cloud resources and devices with the new integration between Microsoft Defender for Cloud and Microsoft 365 Defender. This integration connects the dots between cloud resources, devices, and identities, which previously required multiple experiences. The integration also brings competitive cloud protection capabilities into the Security Operations Center (SOC) day-to-day. With Microsoft 365 Defender, SOC teams can easily discover attacks that combine detections from multiple pillars, including Cloud, Endpoint, Identity, Office 365, and more.
GitHub.png Microsoft Defender for Cloud Labs have been updated and now include several new detailed step by step guidance on how to enable, configure and test the Defender for Cloud capabilities.
Blogs on MS.png Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring The World Bank – an international financial institution that provides loans and grants to the governments of low- and middle-income countries for the purpose of pursuing capital projects – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
webcast recordings.png Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds.

 

 

Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe

 

Co-Authors
Version history
Last update:
‎Dec 05 2023 06:20 AM
Updated by: