Monthly news - March 2024
Published Mar 04 2024 04:49 AM 3,228 Views

Microsoft Defender for Cloud

Monthly news

March 2024 Edition


This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from February 2024.

Product videos.png Product videos webcast recordings.png Webcasts (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External content Product improvements.png Product improvements Public Preview sign-up.png Announcements
 Microsoft Defender for Cloud
Public Preview sign-up.png


The container vulnerability assessment powered by Trivy has been retired. Any customers who were previously using this assessment should upgrade to the new AWS container vulnerability assessment powered by Microsoft Defender Vulnerability Management. For instructions on how to upgrade, see How do I upgrade from the retired Trivy vulnerability assessment to the AWS vulnerability assessment...?
Public Preview sign-up.png Azure Kubernetes Service (AKS) threat detection features in Defender for Containers are now fully supported in commercial, Azure Government, and Azure China 21Vianet clouds. Review supported features.
Blogs on MS.png In this blog post we provide organizations with a comprehensive understanding of all the agents and resources deployed as part of Defender for Server, Defender for Container, Defender for SQL in their AWS/GCP environment by Defender for Cloud. The article aims to guide organizations on the impact of Defender for Cloud on their environment and what they need to remove when switching Defender for Cloud plans on the security connector. Where possible this article should avoid duplicating information that is already available on Microsoft Learn and focus on providing information that is not publicly available or documented on Microsoft Learn.

Product improvements.png


A new version of the Defender Agent for Defender for Containers is available. It includes performance and security improvements, support for both AMD64 and ARM64 arch nodes (Linux only), and uses Inspektor Gadget as the process collection agent instead of Sysdig. The new version is only supported on Linux kernel versions 5.4 and higher, so if you have older versions of the Linux kernel, you need to upgrade. Support for ARM 64 is only available from AKS V1.29 and above. For more information, see Supported host operating systems.
Blogs on MS.png Microsoft Defender for Cloud (MDC) has been instrumental in offering proactive security management through its detailed Attack Path insights, helping organizations identify and mitigate potential vulnerabilities before they can be exploited. While these insights have long provided value within the MDC portal and through one-time snapshots via Azure Resource Graph, a significant update enhances how organizations can leverage this information. The introduction of continuous export capabilities for these insights represents a transformative step forward, enabling the integration of MDC's proactive security intelligence with external analytical tools and solutions over extended periods.


In this article we discuss how to enable continuous export of attack path insights and track your progress over time.
Product improvements.png The updated experience for managing security policies, initially released in Preview for Azure, is expanding its support to cross cloud (AWS and GCP) environments. This Preview release includes:
  • Managing regulatory compliance standards in Defender for Cloud across Azure, AWS, and GCP environments.
  • Same cross cloud interface experience for creating and managing Microsoft Cloud Security Benchmark(MCSB) custom recommendations.
  • The updated experience is applied to AWS and GCP for creating custom recommendations with a KQL query.
webcast recordings.png Watch new episodes of the Defender for Cloud in the Field show to learn about the DevOps security capabilities in Defender CSPM, and recommendation prioritization in Microsoft Defender for Cloud
GitHub.png By default, Defender for Servers is enabled as a subscription-wide setting, covering all Azure VMs, Azure Arc-enabled Servers and VMSS nodes at the same time. However, there are scenarios in which it makes sense to downgrade individual machines from Defender for Servers Plan 2 to Plan 1, or only enable Defender for Servers Plan 1 on a subset of machines in a subscription.


This PowerShell script allows you to select machines based on Azure resource tags, or a resource group to configure them individually rather than using the same plan setting for all machines in a subscription.
Blogs on MS.png Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring docunite GMBH – a document management system specialized for the real estate industry – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
webcast recordings.png Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds.



Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter:


Version history
Last update:
‎Mar 01 2024 01:28 PM
Updated by: