Monthly news – November 2023

Microsoft for Cloud

Monthly news

November 2023 Edition

teaser.png

This is our monthly “What's new” blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from October 2023.

 Microsoft for Cloud
Public Preview sign-up.png Microsoft for Cloud now supports the latest CIS Azure Security Foundations Benchmark – version 2.0.0 in the Regulatory Compliance dashboard, and a built-in policy initiative in Azure Policy. The release of version 2.0.0 in Microsoft Defender for Cloud is a joint collaborative effort between Microsoft, the Center for Internet Security (CIS), and the user communities. The version 2.0.0 significantly expands assessment scope, which now includes 90+ built-in Azure policies and succeed the prior versions 1.4.0 and 1.3.0 and 1.0 in Microsoft Defender for Cloud and Azure Policy. For more information, you can check out this blog post.
Blogs on MS.png In today's digital landscape, where over 90 percent of organizations have embraced multicloud solutions, security teams face the growing complexity of maintaining robust security controls and cloud security posture across multi-cloud environments. Microsoft Defender for Cloud offers protection for cloud infrastructure, applications, and data providing a single contextual view of cloud risks across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). In this blog, we will walk through a few scenarios of misconfigured GCP resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams prevent risks and remediate quickly.
Blogs on MS.png In a typical complex web application, file uploads are a common occurrence across various application scenarios (for instance an application responsible for handling employee payroll may have one module accepting proof of identity documents from employees for personal information updates and other module handling employee reimbursement requests based on the uploaded expense receipts). This blog post elucidates one of the architectural patterns that can be employed for efficiently monitoring the malware scan status while utilizing Microsoft Defender for malware scanning.

Docs on MS.png

New posture management recommendations are now available in public preview for all customers with a connector for Azure or GitHub. posture management helps to reduce the attack surface of DevOps environments by uncovering weaknesses in security configurations and access controls. Learn more about DevOps posture management.
Blogs on MS.png On October 3rd, high severity vulnerabilities in curl were preannounced. The curl project has announced that curl8.4.0 has now been released, earlier than expected. Two vulnerabilities have now been disclosed: high-severity CVE-2023-38545 and low-severity CVE-2023-38546. Microsoft Defender for Cloud has multiple ways to quickly determine where in your environment you are vulnerable that are covered in this blog.
Product improvements.png Defender for APIs has updated its support for Azure API Management API revisions. Offline revisions no longer appear in the onboarded Defender for APIs inventory and no longer appear to be onboarded to Defender for APIs. Offline revisions don't allow any traffic to be sent to them and pose no risk from a security perspective.
GitHub.png Microsoft Defender for Cloud Labs have been updated and now include several new detailed guidance on how to enable, configure and test the Defender for Cloud capabilities.
Blogs on MS.png Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Rockwell Automation – the largest industrial company in the world – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
webcast recordings.png Join us Wednesday, December 6th for a virtual day of demos and technical deep dives. And bring your questions for everyone's favorite – Ask Microsoft Anything (AMA). We're excited for you to join us in the era of security. Our goal is to connect you to your security peers and equip you with the technical knowledge that will help you and your team safely and confidently adopt AI.
webcast recordings.png Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds.

Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe

 

This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.