Severity‑based risk assignment for "Not evaluated" recommendations
Defender for CloudMicrosoft
March 2026
Severity‑based risk assignment for "Not evaluated" recommendations
March 11, 2026
Recommendations that previously appeared as Not evaluated will now receive a risk level derived from the recommendation severity. As a result, these recommendations will now be prioritized in the recommendations list based on their assigned risk level.
This change may affect the overall status of recommendations and will also impact Secure Score, as previously recommendations that were not evaluated are now included in risk calculations.
For customers without Defender CSPM enabled, this update removes the Not evaluated risk state and replaces it with severity‑based risk.
To benefit from full contextual, environment‑aware risk evaluation, Defender CSPM must be enabled on the subscription.
Code to runtime enrichment for recommendations (Preview)
March 10, 2026
Microsoft Defender for Cloud now provides Code to runtime capabilities, enabling end-to-end visibility across the software development lifecycle (SDLC). This feature helps security teams trace runtime security issues back to their source code origins and understand the full blast radius of vulnerabilities.
Key capabilities:
- SDLC Chain Visibility: Track security issues from source code through pipelines, registries, to runtime environments
- Blast Radius Analysis: Understand how many assets are affected by a single code change
- Runtime-to-Source Tracing: Navigate backwards from runtime recommendations to identify the original source of security issues
- Actionable Remediation: Fix issues at the source to prevent recurring regressions rather than addressing only runtime symptoms
On-demand malware scanning of Azure Files in Microsoft Defender for Storage (Preview)
March 10, 2026
On-demand malware scanning for Azure Files in Microsoft Defender for Storage is now in preview. This preview extends the existing on-demand malware scan feature and lets you scan entire Azure Storage accounts that contain blobs and files.
You can start scans in the Azure portal UI or with the Representational State Transfer (REST) application programming interface (API). You can also automate scans with Azure Logic Apps, Azure Automation playbooks, and PowerShell scripts.
This feature uses Microsoft Defender Antivirus and applies the latest malware definitions for each scan. It also shows an upfront cost estimate in the Azure portal before you start a scan.
