What's new in Defender for Cloud features

Important

Attention: All Microsoft Defender for Cloud features will be officially retired in Azure in China region on August 18, 2026 per the announcement posted by 21Vianet.

This article summarizes what's new in Microsoft Defender for Cloud. It includes information about new features in preview or in general availability (GA), feature updates, upcoming feature plans, and deprecated functionality.

Tip

Get notified when this page is updated by copying and pasting the following URL into your feed reader:

https://aka.ms/mdc/rss

October 2025

| Date | Category | Update |
| --- | --- | --- |
| October 23, 2025 | Deprecation Notice | Update Outbound Rules for Microsoft Defender for Containers |
| October 23, 2025 | Update | GitHub Application Permissions Update |

Deprecation notice: update outbound rules for Microsoft Defender for Containers

Microsoft Defender for Containers updated the outbound network requirements for the Defender sensor. You must update your outbound rules to maintain proper functionality.

This change affects all subscriptions using Microsoft Defender for Containers. If you're not using the Defender sensor, no action is required.

Beginning now, the Defender for Containers sensor requires outbound traffic to the following fully qualified domain name (FQDN) and port:

*.cloud.defender.microsoft.com (HTTPS: port 443)

  1. Add the new FQDN and port to your allowed traffic in your outbound restriction method, such as a proxy or firewall.

  2. If you don't block egress traffic from your clusters, no action is required.

  3. To verify connectivity to Microsoft Defender for Containers endpoints, run the connectivity test script to confirm network accessibility from your cluster.
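As an added example (not Microsoft's connectivity test script and not part of the original notice), the following Python check audits an egress allowlist for the new FQDN and port before the change reaches a cluster. The `fqdn:port` rule format, the wildcard semantics, and the sample rules are assumptions made for illustration; adapt them to how your proxy or firewall expresses rules.

```python
# Added example: audit an egress allowlist against the sensor's new requirement.
REQUIRED_FQDN = "*.cloud.defender.microsoft.com"  # from the notice above
REQUIRED_PORT = 443

def parse_rule(rule):
    """Split 'pattern:port' into (lowercased pattern, port string)."""
    pattern, _, port = rule.strip().rpartition(":")
    if not pattern:
        raise ValueError(f"rule needs 'fqdn:port': {rule!r}")
    return pattern.lower().rstrip("."), port

def covers(pattern, required=REQUIRED_FQDN):
    """True if every host matched by `required` is also matched by `pattern`.
    Assumption: a leading '*.' matches one or more labels, never the bare apex.
    """
    if pattern == "*":
        return True
    if not pattern.startswith("*."):
        return False  # an exact host can never cover a wildcard requirement
    suffix, base = pattern[2:], required[2:]
    return base == suffix or base.endswith("." + suffix)

def audit(rules):
    """Return (covered, notes) for a list of allowlist rule strings."""
    covered, notes = False, []
    for rule in rules:
        pattern, port = parse_rule(rule)
        host_ok = covers(pattern)
        port_ok = port in ("*", str(REQUIRED_PORT))
        if host_ok and port_ok:
            covered = True
        elif host_ok:
            notes.append(f"{rule}: FQDN matches but port is not {REQUIRED_PORT}")
        elif pattern == REQUIRED_FQDN[2:]:
            notes.append(f"{rule}: apex only, does not allow subdomains")
    return covered, notes

# Constructed sample allowlist (not from a real environment).
SAMPLE_RULES = [
    "registry.example.com:443",
    "cloud.defender.microsoft.com:443",
    "*.cloud.defender.microsoft.com:80",
]

if __name__ == "__main__":
    ok, notes = audit(SAMPLE_RULES)
    print("covered" if ok else "NOT covered")
    for n in notes:
        print(" -", n)
```

The two near-miss rules in the sample (apex-only host, correct wildcard on the wrong port) are the cases most likely to pass a casual review while still blocking the sensor.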

Deadline

To avoid service disruption, complete any necessary updates of GKE and EKS by September 30, 2026. If no action is taken where required, the Defender for Containers sensor won't function as expected.

GitHub application permissions update

October 23, 2025

Defender for Cloud is updating its GitHub connector to request a new permission: artifact_metadata:write. This enables new capabilities that support artifact attestations, which provide verifiable build provenance and strengthen your software supply chain security. The permission is narrowly scoped, aligning with least privilege principles to support faster and easier security approvals.

How to approve the new permission:

  • Via GitHub settings: In your GitHub organization, go to Settings > GitHub Apps, select the Microsoft Security DevOps application, and approve the pending permission request.

  • Via email (for organization owners): GitHub sends an automated email to organization owners with the subject "Review permissions request for Microsoft Security DevOps". Select Review permission request to approve or reject the change.

Didn’t get the email? Only GitHub organization owners receive this notification. If you're not an owner, please contact one in your organization to approve the request via GitHub settings.

Note: Existing connectors will continue to work without this permission, but the new functionality will only be available once the permission is approved.

August 2025

| Date | Category | Update |
| --- | --- | --- |
| August 5, 2025 | Preview | Storage aggregated logs in XDR's Advanced Hunting (Preview) |

Storage aggregated logs in XDR's Advanced Hunting (Preview)

August 5, 2025

The new CloudStorageAggregatedEvents table is now available in Microsoft Defender XDR’s Advanced Hunting experience. It brings aggregated storage activity logs, such as operations, authentication details, access sources, and success/failure counts, from Defender for Cloud into a single, queryable schema. The aggregation reduces noise, improves performance, and provides a high-level view of storage access patterns to support more effective threat detection and investigation.

The logs are available at no additional cost as part of the new per-storage account plan in Defender for Storage. For more information, visit CloudStorageAggregatedEvents (Preview).

July 2025

| Date | Category | Update |
| --- | --- | --- |
| July 15, 2025 | Preview | Four new Regulatory Compliance Standards |
| July 3, 2025 | GA | Scanning support for Chainguard container images and Wolfi |

Four new Regulatory Compliance Standards

July 15, 2025

Microsoft Defender for Cloud's Regulatory Compliance is expanding its support to include four new frameworks across Azure environments:

  1. Digital Operational Resilience Act (DORA)
  2. European Union Artificial Intelligence Act (EU AI Act)
  3. Korean Information Security Management System for Public Cloud (k-ISMS-P)
  4. Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark v3.0

These frameworks are now available in public preview and can be enabled via the Regulatory Compliance dashboard in Microsoft Defender for Cloud.

For more information, see Regulatory compliance standards in Microsoft Defender for Cloud.

Scanning support for Chainguard container images and Wolfi

July 3, 2025

Microsoft Defender for Cloud's vulnerability scanner, powered by Microsoft Defender Vulnerability Management, is extending its scanning coverage to Chainguard container images. It identifies vulnerabilities in Chainguard Images and Wolfi to validate that they're shipping the most secure builds possible. As additional image types are being scanned, your bill might increase. For all supported distributions, see Registries and images support for vulnerability assessment.

Next steps

Check What's new in security recommendations and alerts.