AI Posture Management in GCP Vertex AI (Preview)

AI Posture Management in GCP Vertex AI (Preview)
April 29, 2025

Defender for Cloud's AI security posture management features now support AI workloads in Google Cloud Platform (GCP) Vertex AI (Preview).

Key features for this release include:

• Modern AI application Discovery: Automatically discover and catalog AI application components, data, and AI artifacts deployed in GCP Vertex AI.
• Security Posture Strengthening: Detect misconfigurations and receive built-in recommendations and remediation actions to enhance the security posture of your AI applications.
• Attack Path Analysis: Identify and remediate risks using advanced attack path analysis to protect your AI workloads from potential threats.
  These features are designed to provide comprehensive visibility, misconfiguration detection, and hardening for AI resources, ensuring a reduction of risks for AI workloads developed on the GCP Vertex AI platform.

Defender for Cloud integration with Mend.io (Preview)
April 29, 2025

Defender for Cloud is now integrated with Mend.io in preview. This integration enhances software application security by identifying and mitigating vulnerabilities in partner dependencies. This integration streamlines discovery and remediation processes, improving overall security.

GitHub Application Permissions Update
April 29, 2025

GitHub connectors in Defender for Cloud will be updated to include administrator permissions for [Custom Properties]. This permission is used to provide new contextualization capabilities and is scoped to managing the custom properties schema. Permissions can be granted in two different ways:

In your GitHub organization, navigate to the Microsoft Security DevOps applications within Settings > GitHub Apps and accept the permissions request.

In an automated email from GitHub Support, select Review permission request to accept or reject this change.

Update to Defender for SQL servers on Machines plan
April 28, 2025

The Defender for SQL Server on machines plan in Microsoft Defender for Cloud protects SQL Server instances hosted on Azure, AWS, GCP, and on-premises machines.

Starting today, we're gradually releasing an enhanced agent solution for the plan. The agent-based solution eliminates the need to deploy the Azure Monitor Agent (AMA) and instead uses the existing SQL infrastructure. The solution is designed to make the onboarding processes easier and improve protection coverage.

Required customer actions

1. Update Defender for SQL Servers on Machines plan configuration: Customers who enabled Defender for SQL Server on machines plan before today are required to follow these instructions to update their configuration, following the enhanced agent release.
2. Verify SQL Server instances protection status: With an estimated starting date of May 2025, customers must verify the protection status of their SQL Server instances across their environments. Learn how to troubleshoot any deployment issues Defender for SQL on machines configuration.

New default cap for on-upload malware scanning in Microsoft Defender for Storage
April 27, 2025

The default cap value for on-upload malware scanning has been updated from 5,000GB to 10,000GB. This new cap applies to the following scenarios:

• New Subscriptions: Subscriptions where Defender for Storage is enabled for the first time.
• Re-enabled Subscriptions: Subscriptions where Defender for Storage was previously disabled and is now re-enabled.

When Defender for Storage Malware Scanning is enabled for these subscriptions, the default cap for on-upload malware scanning will be set to 10,000GB. This cap is adjustable to meet your specific needs.

General Availability of API Security Posture Management native integration within Defender CSPM Plan
April 24, 2025

API Security Posture Management is now generally available as part of the Defender CSPM plan. This release introduces a unified inventory of your APIs along with posture insights, helping you identify and prioritize API risks more effectively directly from your Defender CSPM plan. You can enable this capability through the Environment Settings page by turning on the API Security Posture extension.

With this update, new risk factors have been added, including risk factors for unauthenticated APIs (AllowsAnonymousAccess) and APIs lacking encryption (UnencryptedAccess). Additionally, APIs published through Azure API Management now allow mapping back to any connected Kubernetes Ingresses and VMs, providing end-to-end visibility into API exposure and support risk remediation through Attack path analysis.