Microsoft Defender for Cloud Enhances Severity Levels for Risk Assessment


Microsoft Defender for Cloud is updating the severity levels of its recommendations to improve risk assessment and prioritization. The update adds a new severity level, Critical, expanding the previous three-tier scale (Low, Medium, High) to four levels: Low, Medium, High, and Critical. The risk level shown to Defender CSPM customers may change as well, since risk level is derived from both recommendation severity and asset context. These changes are set to take effect on March 25, 2025.

Source: Microsoft Defender for Cloud Updates

You Should Know:

To leverage these updates effectively, here are some practical steps, commands, and configurations you can use with Microsoft Defender for Cloud:

1. Check Current Severity Levels:

Use the following PowerShell command to list current recommendations and their severity levels:

Get-AzSecurityRecommendation | Select-Object RecommendationName, Severity

2. Enable Defender for Cloud:

If not already enabled, activate Defender for Cloud across your Azure subscriptions:

Set-AzSecurityPricing -Name "VirtualMachines" -PricingTier "Standard"

3. Monitor Risk Levels:

Use Azure CLI to monitor risk levels for specific resources:

az security task list --resource-group <ResourceGroupName> --query "[].{Name:name, Severity:severity}"

4. Automate Alerts for Critical Severity:

Create an automation rule to trigger alerts for Critical severity recommendations:

New-AzSecurityAutomation -ResourceGroupName <ResourceGroupName> -Name "CriticalSeverityAlerts" -Scope "/subscriptions/<SubscriptionId>" -Action <ActionObject>

5. Export Recommendations:

Export recommendations to a CSV file for further analysis:

Get-AzSecurityRecommendation | Export-Csv -Path "Recommendations.csv"

6. Update Defender for Cloud Settings:

Ensure your Defender for Cloud settings are up-to-date with the latest configurations:

az security setting update --name MCAS --resource-group <ResourceGroupName> --enabled true

7. Review Asset Context:

Use the following command to review asset context for risk evaluation:

az security assessment list --resource-group <ResourceGroupName> --query "[].{Name:name, Status:status}"
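As an added example (not code from the original post or from Microsoft), the following PowerShell function ranks unhealthy assessments under the new four-tier scale so Critical items surface first and any severity value outside the four known levels is kept visible rather than silently dropped. It assumes the Az.Security module with an active Connect-AzAccount session, that Get-AzSecurityAssessmentMetadata exposes Name and Severity, and that Get-AzSecurityAssessment exposes Name, DisplayName, Status.Code and ResourceDetails.Id.

```powershell
# Added example: prioritize Defender for Cloud findings by the four-tier severity model.
# Assumes Az.Security is installed and Connect-AzAccount has been run.

# Explicit ordering: Critical > High > Medium > Low. Anything else ranks 0 so a
# level we do not recognize still appears in the output instead of vanishing.
$SeverityRank = @{ 'Critical' = 4; 'High' = 3; 'Medium' = 2; 'Low' = 1 }

function Get-SeverityRank {
    param([string]$Severity)
    if ([string]::IsNullOrEmpty($Severity)) { return 0 }
    if ($SeverityRank.ContainsKey($Severity)) { return $SeverityRank[$Severity] }
    return 0
}

function Get-PrioritizedAssessments {
    param(
        [ValidateSet('Low', 'Medium', 'High', 'Critical')]
        [string]$MinimumSeverity = 'High'
    )
    $threshold = Get-SeverityRank $MinimumSeverity

    # Severity is a property of the assessment metadata (keyed by assessment name),
    # not of the per-resource result, so build a lookup and join on Name.
    $severityByName = @{}
    foreach ($m in Get-AzSecurityAssessmentMetadata) {
        if ($m.Name) { $severityByName[$m.Name] = $m.Severity }
    }

    Get-AzSecurityAssessment |
        Where-Object { $_.Status.Code -eq 'Unhealthy' } |
        ForEach-Object {
            $sev = $null
            if ($_.Name -and $severityByName.ContainsKey($_.Name)) {
                $sev = $severityByName[$_.Name]
            }
            [pscustomobject]@{
                Severity       = if ($sev) { $sev } else { 'Unknown' }
                Rank           = Get-SeverityRank $sev
                Recommendation = $_.DisplayName
                ResourceId     = $_.ResourceDetails.Id   # assumed property path
            }
        } |
        Where-Object { $_.Rank -ge $threshold } |
        Sort-Object Rank -Descending
}

# Everything at High or Critical, Critical first.
Get-PrioritizedAssessments -MinimumSeverity High | Format-Table -AutoSize
```

Lower -MinimumSeverity to Low to see the full ranked backlog, including findings whose severity value was not recognized.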

What Undercode Says:

Microsoft Defender for Cloud’s enhanced severity levels provide a more granular approach to risk assessment, enabling organizations to prioritize critical threats effectively. By leveraging PowerShell and Azure CLI commands, you can automate and streamline your security workflows, ensuring proactive threat management. Stay ahead by updating your configurations and regularly monitoring recommendations to align with the new Critical severity level. For further details, refer to the official Microsoft Defender for Cloud documentation.

References:

Reported By: Markolauren Defenderforcloud – Hackers Feeds