September 2024 Update
Cloud security explorer experience improvements
Estimated date for change: October 2024
The Cloud Security Explorer is set to improve performance and grid functionality, provide more data enrichment on each cloud asset, improve search categories, and improve the CSV export report with more insights on the exported cloud assets.
General Availability of File Integrity Monitoring based on Microsoft Defender for Endpoint
The new version of File Integrity Monitoring based on Microsoft Defender for Endpoint is now GA as part of Defender for Servers Plan 2. FIM enables you to:
- Meet compliance requirements by monitoring critical files and registries in real time and auditing the changes.
- Identify potential security issues by detecting suspicious file content changes.
This improved FIM experience replaces the existing one, which is set for deprecation with the Log Analytics Agent (MMA) retirement. The FIM experience over MMA will remain supported until the end of November 2024.
With this release, an in-product experience has been released to allow you to migrate your FIM configuration over MMA to the new FIM over Defender for Endpoint version.
For information on how to enable FIM over Defender for Endpoint, see File Integrity Monitoring using Microsoft Defender for Endpoint. For information on how to disable previous versions, see Migrate File Integrity Monitoring from previous versions.
FIM migration experience is available in Defender for Cloud
An in-product experience has been released to allow you to migrate your FIM configuration over MMA to the new FIM over Defender for Endpoint version. With this experience you can:
- Review the affected environments that have the previous FIM version over MMA enabled and require migration.
- Export your current FIM rules that come from the MMA-based experience and reside on workspaces.
- Migrate to P2-enabled subscriptions with the new FIM over MDE.
To use the migration experience, navigate to the "Environment settings" blade and click the "MMA migration" button in the upper row.
Deprecation of MMA auto-provisioning capability
As part of the MMA agent retirement, the auto-provisioning capability that provides the installation and configuration of the agent for MDC customers will be deprecated as well, in 2 stages:
- By the end of September 2024: auto-provisioning of MMA will be disabled for customers that are no longer using the capability, as well as for newly created subscriptions. After the end of September, the capability can no longer be re-enabled on those subscriptions.
- End of November 2024: auto-provisioning of MMA will be disabled on subscriptions that have not yet switched it off. From that point forward, it will no longer be possible to enable the capability on existing subscriptions.
Integration with Power BI
Defender for Cloud can now integrate with Power BI. This integration allows you to create custom reports and dashboards using the data from Defender for Cloud. You can use Power BI to visualize and analyze your security posture, compliance, and security recommendations.
Update to CSPM multicloud network requirements
Estimated date for change: October 2024
Beginning October 2024, we'll be adding additional IP addresses to our multicloud discovery services to accommodate improvements and ensure a more efficient experience for all users.
To ensure uninterrupted access from our services, you should update your IP allowlist with the new ranges provided here. You should make the necessary adjustments in your firewall settings, security groups, or any other configurations that may be applicable to your environment. The list is sufficient for full capability of the CSPM foundational (free) offering.
Defender for Servers feature deprecation
Both Adaptive application controls and Adaptive network hardening are now deprecated.
Spanish National Security Framework (Esquema Nacional de Seguridad (ENS)) added to regulatory compliance dashboard for Azure
Organizations that wish to check their Azure environments for compliance with the ENS standard can now do so using Defender for Cloud.
The ENS standard applies to the entire public sector in Spain, as well as to suppliers collaborating with the Administration. It establishes basic principles, requirements, and security measures to protect information and services processed electronically. The goal is to ensure access, confidentiality, integrity, traceability, authenticity, availability, and data preservation.
Remediate system updates and patches recommendations on your machines
You can now remediate system updates and patches recommendations on your Azure Arc-enabled machines and Azure VMs. System updates and patches are crucial for maintaining the security and health of your machines. Updates often contain security patches for vulnerabilities that, if left unfixed, are exploitable by attackers.
Information about missing machine updates is now gathered using Azure Update Manager.
To keep your machines secure with respect to system updates and patches, you'll need to enable the periodic assessment updates settings on your machines.
ServiceNow's integration now includes Configuration Compliance module
Defender for Cloud's CSPM plan's integration with ServiceNow now includes ServiceNow's Configuration Compliance module. This feature allows you to identify, prioritize, and remediate configuration issues in your cloud assets while reducing security risks and improving your overall compliance posture through automated workflows and real-time insights.
Defender for Storage (classic) per-transaction storage protection plan not available for new subscriptions
Estimated date for change: February 5, 2025
After February 5, 2025, you won't be able to activate the legacy Defender for Storage (classic) per-transaction storage protection plan unless it's already enabled in your subscription. For more information, see Move to the new Defender for Storage plan.
Azure Policy guest configuration is now generally available (GA)
Defender for Servers' Azure Policy guest configuration is now generally available (GA) for all multicloud Defender for Servers Plan 2 customers. Guest Configuration provides a unified experience for managing security baselines across your environment. It enables you to assess and enforce security configurations on your servers, including Windows and Linux machines, Azure VMs, AWS EC2, and GCP instances.
Public Preview for Docker Hub container registry support by Defender for Containers
We are introducing the public preview of the Microsoft Defender for Containers extension of coverage to include external registries, beginning with Docker Hub container registries. As part of your organization's Microsoft Cloud Security Posture Management, the extension of coverage to Docker Hub container registries provides the benefits of scanning your Docker Hub container images using Microsoft Defender Vulnerability Management to identify security threats and mitigate potential security risks.