Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article summarizes what's new in Microsoft Defender for Cloud. It includes information about new features in preview or in general availability (GA), feature updates, upcoming feature plans, and deprecated functionality.
This page is updated frequently with the latest updates in Defender for Cloud.
Find the latest information about security recommendations and alerts in What's new in recommendations and alerts.
Tip
Get notified when this page is updated by copying and pasting the following URL into your feed reader:
https://aka.ms/mdc/rss
July 2025
| Date | Category | Update |
|---|---|---|
| July 3, 2025 | GA | Scanning support for Chainguard container images and Wolfi |
Scanning support for Chainguard container images and Wolfi
July 3, 2025
Microsoft Defender for Cloud's vulnerability scanner, powered by Microsoft Defender Vulnerability Management, is extending its scanning coverage to Chainguard container images, and identify vulnerabilities in Chainguard Images and Wolfi to validate that they're shipping the most secure builds possible. For all supported distributions, see Registries and images support for vulnerability assessment.
May 2025
| Date | Category | Update |
|---|---|---|
| May 5 | Preview | Active User (Public Preview) |
Active User (Public Preview)
The Active User feature assists security administrators quickly identify and assign recommendations to the most relevant users based on recent control plane activity. For each recommendation, up to three potential active users are suggested at the resource, resource group, or subscription level. Administrators can select a user from the list, assign the recommendation, and set a due date—triggering a notification to the assigned user. This streamlines remediation workflows, reduces investigation time, and strengthens overall security posture.
April 2025
| Date | Category | Update |
|---|---|---|
| April 28 | Change | Update to Defender for SQL servers on Machines plan |
| April 7 | Upcoming Change | Enhancements for Defender for app service alerts |
Update to Defender for SQL servers on Machines plan
April 28, 2025
The Defender for SQL Server on machines plan in Microsoft Defender for Cloud protects SQL Server instances hosted on Azure, AWS, GCP, and on-premises machines.
Starting today, we're gradually releasing an enhanced agent solution for the plan. The agent-based solution eliminates the need to deploy the Azure Monitor Agent (AMA) and instead uses the existing SQL infrastructure. The solution is designed to make the onboarding processes easier and improve protection coverage.
Required customer actions
Update Defender for SQL Servers on Machines plan configuration: Customers who enabled Defender for SQL Server on machines plan before today are required to follow these instructions to update their configuration, following the enhanced agent release.
Verify SQL Server instances protection status: With an estimated starting date of May 2025, customers must verify the protection status of their SQL Server instances across their environments. Learn how to troubleshoot any deployment issues Defender for SQL on machines configuration.
Note
After the agent upgrade occurs, you might experience a billing increase if additional SQL Server instances are protected with your enabled Defender for SQL Servers on Machines plan. For billing information, review the Defender for Cloud pricing page.
Enhancements for Defender for app service alerts
April 7, 2025
On April 30, 2025, Defender for App Service alerting capabilities will be enhanced. We'll add alerts for suspicious code executions and access to internal or remote endpoints. Additionally, we have improved coverage and reduced noise from relevant alerts by expanding our logic and removing alerts that were causing unnecessary noise. As part of this process, the alert "Suspicious WordPress theme invocation detected" will be deprecated.
March 2025
| Date | Category | Update |
|---|---|---|
| March 11 | Upcoming Change | Upcoming change to the recommendation severity levels |
Upcoming change to the recommendation severity levels
March 11, 2025
We're enhancing the severity levels of recommendations to improve risk assessment and prioritization. As part of this update, we reevaluated all severity classifications and introduced a new level — Critical. Previously, recommendations were categorized into three levels: Low, Medium, and High. With this update, there are now four distinct levels: Low, Medium, High, and Critical, providing a more granular risk evaluation to help customers focus on the most urgent security issues.
As a result, customers might notice changes in the severity of existing recommendations. Additionally, the risk level evaluation, which is available for Defender CSPM customers only, might also be affected as both recommendation severity and asset context are taken into consideration. These adjustments could affect the overall risk level.
The projected change will take place on March 25, 2025.
Important
The availability of File Integrity Monitoring in Azure China 21Vianet and in GCCM clouds is not currently planned to be supported.
February 2025
| Date | Category | Update |
|---|---|---|
| February 19 | Preview | MDC Cost Calculator (Preview) |
MDC Cost Calculator (Preview)
February 19, 2025
We're excited to introduce our new MDC Cost Calculator to help you easily estimate the costs associated with protecting your cloud environments. This tool is tailored to provide you with a clear and accurate understanding of your expenses, ensuring you can plan and budget effectively.
Why Use the Cost Calculator?
Our cost calculator simplifies the process of estimating costs by allowing you to define the scope of your protection needs. You select the environments and plans you want to enable, and the calculator automatically fills in the billable resources for each plan, including any applicable discounts. You're given a comprehensive view of your potential costs without any surprises.
Key Features:
Scope Definition: Select the plans and environments that interest you. The calculator performs a discovery process to automatically populate the number of billable units for each plan per environment.
Automatic and Manual Adjustments: The tool allows for both automatic collection of data and manual adjustments. You can modify the unit quantity and discount levels to see how changes affect the overall cost.
Comprehensive Cost Estimation: The calculator provides an estimate for each plan and a total cost report. You're provided a detailed breakdown of costs, making it easier to understand and manage your expenses.
Multicloud Support: Our solution works for all supported clouds, ensuring that you get accurate cost estimations regardless of your cloud provider.
Export and Share: Once you have your cost estimate, you can easily export and share it for budget planning and approvals.
January 2025
| Date | Category | Update |
|---|---|---|
| January 30 | GA | Update to scan criteria for container registries |
| January 29 | Change | Enhancements for the Containers Vulnerabilities Assessment scanning powered by MDVM |
Update to scan criteria for container registries
January 30, 2025
We are updating one of the scan criteria for registry images in the preview recommendation for registry images across all clouds and external registries (Azure, AWS, GCP, Docker, JFrog).
What's Changing?
Currently, we rescan images for 90 days after they have been pushed to a registry. This will now be changed to scan 30 days back.
Note
There are no changes for the related GA recommendations for container vulnerability assessment (VA) on registry images.
Enhancements for the Containers Vulnerabilities Assessment scanning, powered by MDVM
January 29, 2025
We are excited to announce enhancements to our container vulnerability assessment scanning coverage with the following updates:
Additional Programming Languages: Now supporting PHP, Ruby, and Rust.
Extended Java Language Support: Includes scanning for exploded JARs.
Improved Memory Usage: Optimized performance when reading large container image files.
December 2024
| Date | Category | Update |
|---|---|---|
| December 10 | GA | Defender for Cloud Setup experience |
Defender for Cloud Setup experience
December 10, 2024
The Setup experience allows you to start your initial steps with Microsoft Defender for Cloud by connecting cloud environments such as cloud infrastructure, code repositories, and external container registries.
You're guided through the setup of your cloud environment, to protect your assets with advanced security plans, effortlessly perform quick actions to increase security coverage at scale, be aware of connectivity issues, and be notified of new security capabilities. You can navigate to the new experience from the Defender for Cloud menu by selecting Setup.