Deprecated security recommendations

This article lists all the deprecated security recommendations in Microsoft Defender for Cloud.

Azure deprecated recommendations

Access to App Services should be restricted

Description & related policy: Restrict access to your App Services by changing the networking configuration, to deny inbound traffic from ranges that are too broad. (Related policy: [Preview]: Access to App Services should be restricted).

Severity: High

Install Azure Security Center for IoT security module to get more visibility into your IoT devices

Description & related policy: Install Azure Security Center for IoT security module to get more visibility into your IoT devices.

Severity: Low

Java should be updated to the latest version for function apps

Description & related policy: Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for function apps is recommended to benefit from security fixes, if any, and/or new functionalities of the latest version. (Related policy: Ensure that 'Java version' is the latest, if used as a part of the Function app).

Severity: Medium

Java should be updated to the latest version for web apps

Description & related policy: Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for web apps is recommended to benefit from security fixes, if any, and/or new functionalities of the latest version. (Related policy: Ensure that 'Java version' is the latest, if used as a part of the Web app).

Severity: Medium

Monitoring agent should be installed on your machines

Description & related policy: This action installs a monitoring agent on the selected virtual machines. Select a workspace for the agent to report to. (No related policy)

Severity: High

PHP should be updated to the latest version for web apps

Description & related policy: Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended to benefit from security fixes, if any, and/or new functionalities of the latest version. (Related policy: Ensure that 'PHP version' is the latest, if used as a part of the WEB app).

Severity: Medium

Pod Security Policies should be defined to reduce the attack vector by removing unnecessary application privileges (Preview)

Description & related policy: Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure pod security policies so pods can only access resources which they are allowed to access. (Related policy: [Preview]: Pod Security Policies should be defined on Kubernetes Services).

Severity: Medium

Python should be updated to the latest version for function apps

Description & related policy: Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for function apps is recommended to benefit from security fixes, if any, and/or new functionalities of the latest version. (Related policy: Ensure that 'Python version' is the latest, if used as a part of the Function app).

Severity: Medium

Python should be updated to the latest version for web apps

Description & related policy: Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for web apps is recommended to benefit from security fixes, if any, and/or new functionalities of the latest version. (Related policy: Ensure that 'Python version' is the latest, if used as a part of the Web app).

Severity: Medium

The rules for web applications on IaaS NSGs should be hardened

Description & related policy: Harden the network security group (NSG) of your virtual machines that are running web applications, with NSG rules that are overly permissive with regard to web application ports. (Related policy: The NSGs rules for web applications on IaaS should be hardened).

Severity: High

Your machines should be restarted to apply system updates

Description & related policy: Restart your machines to apply the system updates and secure the machine from vulnerabilities. (Related policy: System updates should be installed on your machines).

Severity: Medium