แก้ไข

แชร์ผ่าน

What's new in Defender for Cloud recommendations, alerts, and incidents

  • บทความ

This article summarizes what's new in security recommendations, alerts, and incidents in Microsoft Defender for Cloud. It includes information about new, modified, and deprecated recommendations and alerts.

  • This page is updated frequently with the latest recommendations and alerts in Defender for Cloud.

  • Recommendations older than six months are found in the relevant recommendations reference list.

  • Find the latest information about new and updated Defender for Cloud features in What's new in Defender for Cloud features.

Tip

Get notified when this page is updated by copying and pasting the following URL into your feed reader: https://aka.ms/mdc/rss-recommendations-alerts

Recommendations, alerts, and incidents updates

New and updated recommendations, alerts, and incidents are added to the table in date order.

Date Type State Name
January 13 Alert Preview AI - Access from a suspicious IP
January 13 Alert Preview AI - Suspected wallet attack
December 19 Alert GA The following Azure Storage alerts are GA:
Malicious blob was downloaded from a storage account
Unusual SAS token was used to access an Azure storage account from a public IP address
Suspicious external operation to an Azure storage account with overly permissive SAS token
Suspicious external access to an Azure storage account with overly permissive SAS token
Unusual unauthenticated public access to a sensitive blob container
Unusual amount of data extracted from a sensitive blob container
Unusual number of blobs extracted from a sensitive blob container
Access from an unusual location to a sensitive blob container
Access from a known suspicious application to a sensitive blob container
Access from a known suspicious IP address to a sensitive blob container
Access from a Tor exit node to a sensitive blob container
December 16 Alert Preview AI - Access from a Tor IP
November 19 Deprecation GA MFA recommendations are deprecated as Azure now requires it..
The following recommendations are deprecated:
* Accounts with read permissions on Azure resources should be MFA enabled
* Accounts with write permissions on Azure resources should be MFA enabled
* Accounts with owner permissions on Azure resources should be MFA enabled
November 19 Alert Preview AI - suspicious user agent detected
November 19 Alert Preview ASCII Smuggling prompt injection detected
October 30 Alert GA Suspicious extraction of Azure Cosmos DB account keys
October 30 Alert GA The access level of a sensitive storage blob container was changed to allow unauthenticated public access
October 30 Recommendation Upcoming Deprecation MFA recommendations are deprecated as Azure now requires it..
The following recommendations will be deprecated:
* Accounts with read permissions on Azure resources should be MFA enabled
* Accounts with write permissions on Azure resources should be MFA enabled
* Accounts with owner permissions on Azure resources should be MFA enabled
October 12 Recommendation GA Azure Database for PostgreSQL flexible server should have Microsoft Entra authentication only enabled
October 6 Recommendation Update [Preview] Containers running in GCP should have vulnerability findings resolved
October 6 Recommendation Update [Preview] Containers running in AWS should have vulnerability findings resolved
October 6 Recommendation Update [Preview] Containers running in Azure should have vulnerability findings resolved
September 10 Alert Preview Corrupted AI application\model\data directed a phishing attempt at a user
September 10 Alert Preview Phishing URL shared in an AI application
September 10 Alert Preview Phishing attempt detected in an AI application
September 5 Recommendation GA System updates should be installed on your machines (powered by Azure Update Manager)
September 5 Recommendation GA Machines should be configured to periodically check for missing system updates

Related content

For information about new features, see What's new in Defender for Cloud features.