Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Attention: All Microsoft Defender for Cloud features will be officially retired in Azure in China region on August 18, 2026 per the announcement posted by 21Vianet.
This article summarizes what's new in security recommendations, alerts, and incidents in Microsoft Defender for Cloud. It includes information about new, modified, and deprecated recommendations and alerts.
This page is updated frequently with the latest recommendations and alerts in Defender for Cloud.
Recommendations older than six months are found in the relevant recommendations reference list.
Find the latest information about new and updated Defender for Cloud features in What's new in Defender for Cloud features.
Tip
Get notified when this page is updated by copying and pasting the following URL into your feed reader:
https://aka.ms/mdc/rss-recommendations-alerts
- Review a complete list of security recommendations and alerts:
Recommendations, alerts, and incidents updates
New and updated recommendations, alerts, and incidents are added to the table in date order.
| Date announced | Type | State | Name |
|---|---|---|---|
| December 3, 2025 | Recommendation | Upcoming deprecation (30 day notice) | The following recommendation is set for deprecation 30 days from now: Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers for Defender for SQL Servers on Machines plan. |
| June 1, 2025 | Alert | Upcoming deprecation | The following alert will be deprecated since the method is no longer supported in PowerZure: * Usage of PowerZure function to maintain persistence in your Azure environment |
| May 15, 2025 | Alert | Upcoming Deprecation | The following alerts will be deprecated and will not be available through XDR Integration: * DDoS Attack detected for Public IP * DDoS Attack mitigated for Public IP Note: The alerts will be available on Defender for Cloud portal. |
| February 5, 2025 | Recommendation | Upcoming Deprecation | The following recommendations will be deprecated: * Configure Microsoft Defender for Storage (Classic) to be enabled * Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) |
| January 29, 2025 | Recommendation | GA | We have further hardened the Running containers as root user should be avoided recommendation. What's Changing? We now require at least one range to be specified for the "Run as group rule". This change was needed to ensure containers will not get access to files owned by root, and groups with permissions to the root group. |
| November 19, 2024 | Deprecation | GA | MFA recommendations are deprecated as Azure now requires it.. The following recommendations are deprecated: * Accounts with read permissions on Azure resources should be MFA enabled * Accounts with write permissions on Azure resources should be MFA enabled * Accounts with owner permissions on Azure resources should be MFA enabled |
| October 30, 2024 | Recommendation | Upcoming Deprecation | MFA recommendations are deprecated as Azure now requires it.. The following recommendations will be deprecated: * Accounts with read permissions on Azure resources should be MFA enabled * Accounts with write permissions on Azure resources should be MFA enabled * Accounts with owner permissions on Azure resources should be MFA enabled |
| September 5, 2024 | Recommendation | GA | System updates should be installed on your machines (powered by Azure Update Manager) |
| September 5, 2024 | Recommendation | GA | Machines should be configured to periodically check for missing system updates |
Related content
For information about new features, see What's new in Defender for Cloud features.