Update Coverage Workbook in Microsoft Defender for Cloud to Include Defender for AI Plan status
Option 1: Update the Existing Coverage Workbook Enhance the current workbook by adding a query that checks Defender for AI plan enablement across subscriptions. Steps Open the Coverage Workbook in Defender for Cloud. Edit the workbook and update the query section to include the line below. AIServices = defenderPlans.AI Display the results in a table or chart alongside other Defender plans. Save and publish the updated workbook for organization-wide visibility. Pros Single pane of glass for all Defender coverage. Easy for SOC teams already using the workbook. Cons Requires manual customization and maintenance. Updates may be overwritten during workbook template refresh. Option 2: Use Azure Resource Graph Explorer Run a Resource Graph query to check Defender for AI enablement status across multiple subscriptions without modifying the workbook. Steps Go to Azure Resource Graph Explorer in the Azure portal. Run the following query: __________________________________________________________________________________ securityresources | where type =~ "microsoft.security/pricings" | extend pricingTier = properties.pricingTier, subPlan = properties.subPlan | extend planSet = pack(name, level = case(isnotempty(subPlan),subPlan,pricingTier)) | summarize defenderPlans = make_bag(planSet) by subscriptionId | project subscriptionId, CloudPosture = defenderPlans.CloudPosture, VirtualMachines = defenderPlans.VirtualMachines, AppServices = defenderPlans.AppServices, AIServices = defenderPlans.AI, SqlServers = defenderPlans.SqlServers, SqlServerVirtualMachines = defenderPlans.SqlServerVirtualMachines, OpenSourceRelationalDatabases = defenderPlans.OpenSourceRelationalDatabases, CosmosDB = defenderPlans.CosmosDbs, StorageAccounts = defenderPlans.StorageAccounts, Containers = defenderPlans.Containers, KeyVaults = defenderPlans.KeyVaults, Arm = defenderPlans.Arm, DNS = defenderPlans.Dns, KubernetesService = defenderPlans.KubernetesService, ContainerRegistry = defenderPlans.ContainerRegistry The output appears as shown below. Export results to CSV or Power BI for reporting. Optionally, schedule the query using Azure Automation or Logic Apps for periodic checks. Pros No dependency on workbook customization. Flexible for ad hoc queries and automation. Cons Separate reporting interface from the Coverage Workbook. Requires manual execution or automation setup. Recommendation If your organization prefers a centralized dashboard, choose Option 1 and update the Coverage Workbook. For quick checks or automation, Option 2 using Resource Graph Explorer is simpler and more scalable.End of Windows 10 Support: What Defender Customers Need to Know
As of today, October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from Microsoft. While these devices will continue to operate, the lack of regular security updates increases vulnerability to cyber threats, including malware and viruses. Applications running on Windows 10 may also lose support as the platform stops receiving updates. Will Defender continue to protect Windows 10 devices? Defender supports a range of legacy systems, including Windows 10. (See here for a full list of supported operating systems.) Microsoft Defender will continue to provide detection and protection capabilities to the extent possible on Windows 10 and other legacy systems. Keep in mind that security solutions on legacy systems are inherently less secure and may not be able to receive all new features, so please review the next section for important actions you can take. For Windows 10 customers without Defender, Microsoft will continue to provide security intelligence updates for the built-in Microsoft Defender Antivirus protection through October 2028. Of course, Defender Antivirus alone isn't a comprehensive risk mitigation posture without Microsoft Defender detection and response deployed across your digital estate. What should customers do to protect their Windows 10 devices? Upgrade to Windows 11: Moving to Windows 11 is strongly recommended for PCs eligible to upgrade. Windows 11 delivers the latest security features, improved performance, and ongoing support at no additional cost. This is the best way to ensure your endpoints remain protected and compliant. Devices running Windows 10 will be more vulnerable, even with ongoing security intelligence updates (SIUs). Extended security update (ESU) program: If upgrading isn’t immediately possible, Microsoft offers an ESU program for Windows 10. The ESU program provides critical and important security updates but does not include new Windows features or technical support. Enterprise customers can purchase ESU for up to three years or receive it at no additional cost with a Windows 365 subscription. Cloud and virtual environments: Windows 10 devices accessing Windows 11 Cloud PCs via Windows 365 or Virtual Machines are entitled to ESU at no extra cost, with automatic updates. Consumer customers have options to enroll for one year of ESU, including free enrollment methods in certain regions. For further guidance, check out the posts below or connect with your Microsoft account team. End of support for Windows 10, Windows 8.1, and Windows 7 | Microsoft Windows How to prepare for Windows 10 end of support by moving to Windows 11 today | Windows Experience Blog Extended Security Updates (ESU) program for Windows 10 | Microsoft Learn To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.Multi-tenant endpoint security policies distribution is now in Public Preview
We’re excited to announce a key milestone in Defender’s multi-tenant management journey—Microsoft Defender for Endpoint security policies can now be distributed across multiple tenants from the Defender multi-tenant portal. This capability empowers security teams to manage policies at scale, ensuring consistency and saving valuable time. What is content distribution? Content distribution is a powerful Defender feature that enables scalable management of content across tenants. With this capability, you can create content distribution profiles in the multi-tenant portal that allow you to seamlessly replicate existing content—such as custom detection rules and now, endpoint security policies—from a source tenant to designated target tenants. Once distributed, the content runs on the target tenant, enabling centralized control with localized execution. How it works Security policies are now a selectable content type when creating a distribution profile. Simply choose existing policies from your home tenant and add them to the distribution profile. You can also decide which Microsoft Entra group(s) will be applied as scope. Policy targeting will be based on the Entra device groups that exist in every tenant, and you select the relevant groups for each tenant. Upon completion, policies are automatically distributed to the selected tenants and are applied on the targeted machines. Distributed policies also appear in a hierarchical view, with the original policy serving as the parent. You can find the policies that were distributed from the tenant under the original policy. This appears on the endpoint security policies page within multi-tenant management. The last distribution status for the original policy reflects the overall status of its distributed copies, and the tenants and tenant groups sections indicate the recipients of the policy. At any time, you can update the policies, tenants, scope or any other settings, and sync to apply these changes. This new capability enables consistency (maintaining uniform security posture across tenants), efficiency (eliminating manual duplication and reducing operational overhead), and scalability (easily expanding coverage as the tenant landscape grows). FAQ What pre-requisites are required? Access to more than one tenant with Microsoft Defender for Endpoint, with delegated access via Azure B2B or GDAP (CSP Partners only), using the multi-tenant management capability. A subscription to Microsoft 365 E5 or Office E5. What permissions are needed to distribute MDE security policies? To access endpoint security policies, users require the security administrator role in each relevant tenant. To distribute content using multi-tenant management content distribution, the Security settings (manage) or Security Data Basic (read) permission is required. Both roles are assigned to the Security Administrator and Security Reader Microsoft Entra built-in roles by default. Can I update or expand distribution profiles later? Yes. You can add more content, include additional tenants, or modify scopes as needed. Learn more For more information, see Content distribution in multitenant management. To get started, navigate to the Content distribution page. To learn more about Microsoft Defender's endpoint protection, check out our website and video. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.Defender Browser Protection Extension for Chrome
Has any one noticed how pointless this extension is? Deployed using Intune with tamper protection so the user is forced to use it, but Microsoft has built in a disable feature to the extension that can not be controlled, or can it? Any ideas on how to harden this, or something for Microsoft to fix? Tamper Protection enabled: User can bypass by disabling the protection:
