Scanning support for Minimus and Photon OS container images

February 2026

Database-level recommendations experience for SQL Vulnerability Assessment (Preview)
February 10, 2026

Microsoft Defender for SQL is introducing a database-level recommendations experience for SQL Vulnerability Assessment in preview.

This update applies to SQL VA across all supported database types (PaaS and IaaS), including both classic and express configurations, and is available in the following portal experiences:

• Azure portal
• Defender portal
  In this experience, each SQL Vulnerability Assessment rule generates a separate assessment for each affected database. Assessments are displayed and managed as recommendations in the Defender for Cloud Recommendations page.

In the previous model, findings were aggregated at the server or instance level and surfaced under the following recommendations:

**SQL databases should have vulnerability findings resolved
SQL servers on machines should have vulnerability findings resolved

The database-level experience keeps the same security capabilities and doesn’t affect SQL VA scanning logic, rules, queries, scan schedules, APIs, or pricing. It only provides another way to consume and manage findings that's consistent with all Defender for Cloud recommendations.

During preview, the new database-level assessments don’t affect Secure Score in the Azure portal but do contribute to Secure Score in the Defender portal.

The SQL vulnerability assessment rules reference has been updated to include the new database-level recommendation names and assessment identifiers.

The existing server-level (aggregated) experience remains available during preview.

Scanning support for Minimus and Photon OS container images
February 10, 2026

Microsoft Defender for Cloud's vulnerability scanner, powered by Microsoft Defender Vulnerability Management, is extending its scanning coverage to Minimus and Photon OS container images, and identify vulnerabilities in Minimus Images and Photos OS to validate that they're shipping the most secure builds possible. As additional image types are being scanned, your bill might increase. For all supported distributions, see Registries and images support for vulnerability assessment.

Simulate alerts for SQL servers on machines
February 9, 2026

Microsoft Defender for Cloud’s SQL simulated alerts is now generally available. Simulated alerts allow security teams safely validate SQL protection, detections, and automated response workflows without introducing real risk.

Simulated alerts generates realistic alerts with full SQL and machine context on Azure VMs or Arc‑connected machines, enabling end‑to‑end testing of playbooks and SOC readiness. All alerts are produced locally using a safe script extension, with no external payloads or impact to production resources.

Threat protection for AI agents (Preview)
February 2, 2026
Microsoft Defender for Cloud now includes threat protection for AI agents built with Foundry, available in preview as part of the Defender for AI Services plan. This new capability delivers advanced security from development through runtime, addressing high-impact, actionable threats aligned with OWASP guidance for LLM and agentic AI systems.

This release further expands Defender’s AI threat protection coverage, helping organizations secure a broader range of AI platforms.