Kubernetes gated deployment (GA)
November 26, 2025
Kubernetes gated deployment in Microsoft Defender for Containers is now generally available. This feature enforces container image security at deployment time by using Kubernetes admission control.
Key capabilities
- Admission control for Kubernetes clusters: Blocks or audits deployments of container images that violate organizational security rules.
- Security rules framework: Define custom rules for AKS, EKS, and GKE clusters based on vulnerability assessment results.
- Audit and Deny modes:
  - Audit: Generates recommendations when deployments violate security rules
  - Deny: Prevents noncompliant images from being deployed
- Multicloud support: Works with Azure Container Registry (ACR), Amazon Elastic Container Registry (ECR), and Google Artifact Registry.
- Integrated monitoring: View admission monitoring and violation details in the Defender for Cloud portal.
GA improvements
- Streamlined setup experience in the Defender for Cloud portal
- Default audit rule enabled for faster onboarding
- Scoped exemption management for specific namespaces or workloads
- Performance optimizations with reduced latency for admission decisions
- Enhanced documentation for troubleshooting and developer experience
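To make the Audit/Deny semantics and the scoped exemptions concrete, here is an added illustration in Python. It is not Defender for Containers' own rule schema, API or code: a toy admission gate that evaluates every image in a Pod against one rule built from (constructed) vulnerability assessment results and emits a Kubernetes AdmissionReview v1 response. The Rule, Finding and Decision shapes, the image names, the namespace exemption and the CVE identifiers are assumptions; only the AdmissionReview response fields (uid, allowed, status, warnings, auditAnnotations) are real Kubernetes API fields.

```python
"""Toy admission gate: audit vs deny over vulnerability assessment results.

Constructed example; not the rule schema or code of Defender for Containers.
"""
import json
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    AUDIT = "audit"   # admit the Pod, but record the violation
    DENY = "deny"     # reject the Pod


@dataclass(frozen=True)
class Finding:
    cve_id: str       # constructed placeholder ids, e.g. "CVE-EXAMPLE-0001"
    severity: str     # Critical / High / Medium / Low


@dataclass(frozen=True)
class Rule:
    name: str
    mode: Mode
    blocked_severities: frozenset          # severities that count as a violation
    exempt_namespaces: frozenset = frozenset()  # scoped exemption (assumed shape)


@dataclass
class Decision:
    allowed: bool
    violations: list
    rule: str


def evaluate_image(image, namespace, assessment, rule):
    """Apply one rule to one image reference; assessment maps image -> findings."""
    if namespace in rule.exempt_namespaces:
        return Decision(True, [], rule.name)
    findings = assessment.get(image)
    if findings is None:
        # Unscanned image: no evidence it is clean, so treat it as a violation
        violations = [f"{image}: no vulnerability assessment result"]
    else:
        violations = [f"{image}: {f.cve_id} ({f.severity})"
                      for f in findings if f.severity in rule.blocked_severities]
    if not violations:
        return Decision(True, [], rule.name)
    # Audit mode lets the Pod through with the violations recorded; Deny blocks it
    return Decision(rule.mode is Mode.AUDIT, violations, rule.name)


def admission_response(uid, pod, assessment, rule):
    """Build an AdmissionReview v1 response body for a Pod admission request."""
    namespace = pod["metadata"].get("namespace", "default")
    images = [c["image"] for c in pod["spec"]["containers"]]
    decisions = [evaluate_image(img, namespace, assessment, rule) for img in images]
    violations = [v for d in decisions for v in d.violations]
    allowed = all(d.allowed for d in decisions)
    response = {"uid": uid, "allowed": allowed}
    if violations and allowed:
        # Audit: surface violations as warnings (shown by kubectl) and audit annotations
        response["warnings"] = violations
        response["auditAnnotations"] = {"gated-deployment/violations": "; ".join(violations)}
    elif not allowed:
        response["status"] = {"code": 403,
                              "message": f"rule '{rule.name}' denied deployment: " + "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


# Constructed sample data: assessment results, a Pod and two rules (same policy, two modes)
ASSESSMENT = {
    "registry.example/app:1.0": (Finding("CVE-EXAMPLE-0001", "Critical"),),
    "registry.example/sidecar:2.3": (Finding("CVE-EXAMPLE-0002", "Medium"),),
    "registry.example/clean:1.0": (),
}
POD = {"metadata": {"name": "web", "namespace": "prod"},
       "spec": {"containers": [{"image": "registry.example/app:1.0"},
                               {"image": "registry.example/sidecar:2.3"}]}}
AUDIT_RULE = Rule("no-critical-audit", Mode.AUDIT, frozenset({"Critical", "High"}))
DENY_RULE = Rule("no-critical-deny", Mode.DENY, frozenset({"Critical", "High"}),
                 exempt_namespaces=frozenset({"kube-system"}))

if __name__ == "__main__":
    for rule in (AUDIT_RULE, DENY_RULE):
        print(json.dumps(admission_response("req-1", POD, ASSESSMENT, rule), indent=2))
```

Running the block shows the same Pod admitted with a warning under the audit rule and rejected with a 403 status under the deny rule; the Medium finding never counts because it is outside the rule's blocked severities, and a Pod in an exempt namespace is admitted without evaluation.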
Defender for Cloud integration into the Defender portal (preview)
November 25, 2025
Microsoft Defender for Cloud (MDC) is now deeply integrated into the Defender portal and part of the broader Microsoft Security ecosystem. With threat protection already deeply embedded into the Defender portal, this integration adds posture management, bringing together a complete cloud security solution in one unified experience. This native integration eliminates silos so security teams can see and act on threats across all cloud, hybrid, and code environments from one place.
This integration brings new value and benefits for security personas:
Unified cloud security experience – Cloud security is now fully integrated into the Microsoft Defender portal at security.microsoft.com, giving security teams a single, unified view across all workloads. This eliminates the need to switch between tools and portals, enabling SOC teams to work more efficiently with complete security posture visibility across workloads. The new cloud-agnostic integration supports Azure, AWS, GCP, and other platforms in a single interface, making it well suited to hybrid and multicloud organizations that also need comprehensive exposure management. For more information.
Cloud dashboard - The new cloud security dashboard centralizes both posture management and threat protection, giving security personas an overview of their environment. It also highlights the top improvement actions for risk reduction, workload-specific views with security insights and includes tools to track security progress over time out of the box. The unified dashboard consolidates security posture, Defender coverage, cloud assets, health data, and exposure insights across Azure, AWS, and GCP environments. For more information, see Cloud Overview dashboard.
Cloud asset inventory – A centralized inventory that offers a comprehensive view of cloud and code assets across Azure, AWS, and GCP. Assets are categorized by workload, criticality, and coverage, with integrated health data, device actions, and risk signals. Information security and SOC teams can easily access resource-specific views, exposure map, and metadata to address security recommendations and respond quickly to threats. For more information, see Asset inventory.
Unified cloud security posture capabilities – We're unifying all the cloud security posture management (CSPM) capabilities into Microsoft Security Exposure Management (MSEM). Security personas can now view secure scores, prioritized recommendations, attack paths and vulnerabilities in a single pane of glass, empowering them to reduce risk and get a holistic view of all their posture end-to-end including devices, identities, SaaS apps, and data. For more information, see What's new in Microsoft Security Exposure Management.
Granular access management – Security teams can now provide targeted access to security content, so only relevant users see necessary information. This allows users to view security insights without direct resource permissions, enhancing operational security and compliance. Using a new cloud scopes capability, cloud accounts like Azure subscriptions, AWS accounts, and GCP projects can be organized into logical groups for improved data pivoting and RBAC, supporting segmentation by business unit, region, or workload with persistent filtering across dashboards and workflows. For more information, see Cloud Scopes and Unified RBAC.
New modeling for security recommendations
Security recommendations now use a unified model where each finding appears as its own recommendation. Previously, some recommendations grouped multiple findings (e.g., “Vulnerabilities should be resolved”), which made prioritization and governance harder.
With this change, you get:
- Smarter prioritization based on individual impact
- Governance - finer-grained use of governance, recommendation, and exemption capabilities
- More accurate scoring since each finding counts separately
In the Defender portal, only the new model is available. In the Azure portal, the new experience is in preview alongside the current model. This unified approach eliminates the need to treat aggregated recommendations differently; they’re now regular recommendations like all others. For more information, see Security recommendations.
Risk-based Cloud Secure Score - The new Cloud Secure Score introduces a new score formula that allows you to objectively assess and monitor your cloud security posture. The Cloud Secure Score is based on asset risk factors and asset criticality, making the score more accurate and enabling smarter prioritization of high-risk recommendations. The new Cloud Secure Score is available only in the Defender portal; the classic Secure Score is still available in the Azure portal. For more information, see Cloud Secure Score.
Documentation updates
November 25, 2025
We’ve begun a major revamp of the Microsoft Defender for Cloud documentation to streamline structure, remove outdated content, and add new material for the integration into the Defender portal.
Highlights:
- Simplified navigation: A unified table of contents based on customer feedback.
- Mixed-mode experience: Articles that cover both Azure and Defender portals with entry points at the top of the article.
- New Defender portal section: Features recent enhancements, opt-in guidance, and known limitations.
Discover Azure AI Foundry agents in your environment (Preview)
November 25, 2025
You can now discover Azure AI Foundry agents in your environment using Defender for Cloud. This new preview feature helps you identify and monitor AI Foundry agents deployed across your resources, providing insights into their security posture and risks.
General availability of AI security posture management in GCP Vertex
November 25, 2025
Defender for Cloud is announcing the general availability of AI security posture management for GCP Vertex AI. This new capability helps secure AI workloads on GCP by providing continuous monitoring, risk assessments, and actionable recommendations.