March 2026
Deprecation of preview of container and container images vulnerability recommendations
March 04, 2026
As part of the transition to individual recommendations, Microsoft Defender for Cloud is deprecating existing grouped container vulnerability recommendations. This change enables more granular visibility, prioritization, and governance of container security findings.
Grouped recommendations previously aggregated multiple findings under a single recommendation. These findings are now surfaced as individual recommendations, created per software update, vulnerability, secret, or issue type.
During the transition period, grouped and individual recommendations may appear side by side. Grouped recommendations are on a deprecation path and will be removed in phases.
The following grouped container vulnerability recommendations will be deprecated on April 13, 2026:
Container recommendations
- [Preview] Containers running in Azure should have vulnerability findings resolved
- [Preview] Containers running in AWS should have vulnerability findings resolved
- [Preview] Containers running in GCP should have vulnerability findings resolved
Container image recommendations
- [Preview] Container images in Azure registry should have vulnerability findings resolved
- [Preview] Container images in AWS registry should have vulnerability findings resolved
- [Preview] Container images in GCP registry should have vulnerability findings resolved
Customers should update any queries, automation, governance rules, or workflows that rely on grouped recommendation keys to use individual recommendations and security categories instead.
When querying individual recommendations, the same logic can be applied across cloud providers by adjusting the Source value.
Example: Container vulnerability recommendations
The following query allows customers to identify the new individual container vulnerability recommendations for containers running in Azure. To target containers running in AWS or GCP, change the Source value to "AWS" or "GCP".
New individual recommendations format in Azure portal (Preview)
March 04, 2026
Microsoft Defender for Cloud is converting grouped recommendations into individual recommendations in the Azure portal. This change reflects a shift from grouping related findings under one recommendation to listing each recommendation separately.
What's changing
You might see a longer list of recommendations than before. Combined findings (such as vulnerabilities, exposed secrets, or misconfigurations) now show as individual recommendations rather than nested under a parent recommendation.
The grouped recommendations will still show side by side with the new format for now, but they will be deprecated in several months.
The new individual recommendations are marked as Preview with an additional New version tag. These tags indicate that the recommendation is in an early state and doesn't affect Secure Score yet, and they let you filter the recommendations by tag.
You can now manage exemptions at scale instead of for each recommendation.
Benefits
Smart and accurate prioritization
Each finding (such as vulnerabilities, exposed secrets, or misconfigurations) is now scored and prioritized individually, so you can focus on what actually reduces risk fastest.
Actionable context per finding
Each recommendation gives clear risk context and remediation guidance, making it easier to understand what's wrong, why it matters, and how to fix it.
Better governance & tracking
You can apply targeted exemptions and measure security progress accurately.

