This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from June 2023.
Defender for Cloud has improved the onboarding experience with a new streamlined user interface and instructions, in addition to new capabilities that allow you to onboard your AWS and GCP environments while providing access to advanced onboarding features. For organizations that have adopted HashiCorp Terraform for automation, Defender for Cloud now includes the ability to use Terraform as the deployment method alongside AWS CloudFormation or GCP Cloud Shell. You can now customize the required role names when creating the integration.
Private Endpoint support is now available as part of the Malware Scanning public preview in Defender for Storage. This capability allows enabling Malware Scanning on storage accounts that are using private endpoints. No other configuration is needed. Malware Scanning (Preview) in Defender for Storage helps protect your storage accounts from malicious content by performing a full malware scan on uploaded content in near real-time, using Microsoft Defender Antivirus capabilities. It's designed to help fulfill security and compliance requirements for handling untrusted content. It's an agentless SaaS solution that allows simple setup at scale, with zero maintenance, and supports automating response at scale.
The Azure Workbook for Defender CSPM Visualization is a dashboard designed to enhance the visualization and analysis of Defender for Cloud's Defender CSPM (Cloud Security Posture Management) information. This workbook provides a centralized and intuitive single pane of view within the Azure Portal, allowing users to easily access crucial information related to Defender CSPM. Defender CSPM capabilities are highly valuable for ensuring the security and compliance of cloud environments. However, the native Azure Portal lacks a consolidated view that offers users a holistic understanding of the Defender CSPM insights. We have developed the Azure Workbook for Defender CSPM Visualization to bridge that divide and give users an efficient and informative dashboard.
Onboarding directly (without Azure Arc) to Defender for Servers is now Generally Available. Previously, Azure Arc was required to onboard non-Azure servers to Defender for Servers. However, with the latest release you can also onboard your on-premises servers to Defender for Servers using only the Microsoft Defender for Endpoint agent. This new method simplifies the onboarding process for customers focused on core endpoint protection and allows you to take advantage of Defender for Servers’ consumption-based billing for both cloud and non-cloud assets. The direct onboarding option via Defender for Endpoint is available now, with billing for onboarded machines starting on July 1.
The Defender for API Security dashboard is a workbook that provides a unified view and deep visibility into the issues. This workbook allows you to visualize the state of your API posture for the API endpoints that you have onboarded to Defender for APIs, so you can better understand your unhealthy recommendations and the identified data classifications, authorization status, usage, and exposure of your APIs. You can also investigate detected threats on affected API resources, including the most affected API collections and endpoints, the top alert types, and the progression of alerts over time. Check out this blog post to learn more.
Microsoft Defender for SQL provides full database protection through the following components: threat protection to detect attacks in real time, and vulnerability assessment (VA), which scans, flags, and reports on database misconfigurations that may result in vulnerabilities for attackers to exploit. A few months ago, we launched the express configuration for vulnerability assessments in Defender for SQL, which provides a streamlined onboarding experience for SQL vulnerability assessments with one-click configuration (or a simple API call), without any additional settings or dependencies on managed storage accounts. We're excited to announce the general availability of express configuration for vulnerability assessment on Azure SQL Servers, which includes the previously announced preview features together with full internal platform readiness and a variety of extensibility features that will allow you to manage the feature at scale.
Have you ever found yourself in a situation where you needed to stream Microsoft Defender for Cloud data to another system? Microsoft Defender for Cloud provides the option of streaming data, such as recommendations and security alerts, to a Log Analytics workspace, event hub, or another SIEM solution. This capability is called continuous export. Imagine that the system you want to stream Microsoft Defender for Cloud data to is located behind a firewall. How would you go about doing that? This article teaches you how to accomplish this scenario by configuring export as a trusted service.
With Agentless Container Posture capabilities available in Defender CSPM, the agent-based discovery capabilities are now retired. If you currently use container capabilities within Defender CSPM, please make sure that the relevant extensions are enabled so that you continue to receive the container-related value of the new agentless capabilities, such as container-related attack paths, insights, and inventory. (It can take up to 24 hours to see the effects of enabling the extensions.) Learn more about agentless container posture.
Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe