Important upcoming changes to Microsoft Defender for Cloud

Important

The information on this page relates to pre-release products or features, which may be substantially modified before they are commercially released, if ever. Microsoft makes no commitments or warranties, express or implied, with respect to the information provided here.

On this page, you'll learn about changes that are planned for Defender for Cloud. It describes planned modifications to the product that might impact things like your secure score or workflows.

If you're looking for the latest release notes, you'll find them in the What's new in Microsoft Defender for Cloud.

Planned changes

Planned change Estimated date for change
Recommendation to find vulnerabilities in running container images to be released for General Availability (GA) January 2023
Recommendation to enable diagnostic logs for Virtual Machine Scale Sets to be deprecated January 2023
Deprecation and improvement of selected alerts for Windows and Linux Servers April 2023

Recommendation to enable diagnostic logs for Virtual Machine Scale Sets to be deprecated

Estimated date for change: January 2023

The recommendation Diagnostic logs in Virtual Machine Scale Sets should be enabled is set to be deprecated.

The related policy definition will also be deprecated from any standards displayed in the regulatory compliance dashboard.

Recommendation Description Severity
Diagnostic logs in Virtual Machine Scale Sets should be enabled Enable logs and retain them for up to a year, enabling you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. Low

Recommendation to find vulnerabilities in running container images to be released for General Availability (GA)

Estimated date for change: January 2023

The Running container images should have vulnerability findings resolved recommendation is currently in preview. While a recommendation is in preview, it doesn't render a resource unhealthy and isn't included in the calculations of your secure score.

We recommend that you use the recommendation to remediate vulnerabilities in your containers so that the recommendation won't impact your secure score when the recommendation is released as GA. Learn about recommendation remediation.

The built-in policy [Preview]: Private endpoint should be configured for Key Vault is set to be deprecated

Estimated date for change: January 2023

The built-in policy [Preview]: Private endpoint should be configured for Key Vault is set to be deprecated and will be replaced with the [Preview]: Azure Key Vaults should use private link policy.

The related policy definition will also be replaced by this new policy in all standards displayed in the regulatory compliance dashboard.

Deprecation and improvement of selected alerts for Windows and Linux Servers

Estimated date for change: April 2023

The security alert quality improvement process for Defender for Servers includes the deprecation of some alerts for both Windows and Linux servers. The deprecated alerts will now be sourced from and covered by Defender for Endpoint threat alerts.

If you already have the Defender for Endpoint integration enabled, no further action is required. You may experience a decrease in your alerts volume in April 2023.

If you don't have the Defender for Endpoint integration enabled in Defender for Servers, you'll need to enable the Defender for Endpoint integration to maintain and improve your alert coverage.

All Defender for Server customers, have full access to the Defender for Endpoint’s integration as a part of the Defender for Servers plan.

You can learn more about Microsoft Defender for Endpoint onboarding options.

You can also view the full list of alerts that are set to be deprecated.

Read the Microsoft Defender for Cloud blog.

Next steps

For all recent changes to Defender for Cloud, see What's new in Microsoft Defender for Cloud?.