*Note: a more relevant or more recent entry exists for this item: MC1169078
Check before: 2025-06-01
Product:
Defender, Defender for Cloud Apps, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Links:
Details:
Summary:
Microsoft Defender for Cloud Apps will enhance threat protection with a new dynamic model for detections and alerts, rolling out from June to July 2025. This model allows faster response to threats and will be implemented seamlessly. Legacy policies will be disabled but visible temporarily. No admin action is required.
Details:
Coming soon for Microsoft Defender for Cloud Apps: improvements to threat protection capabilities. We will implement a new dynamic model for threat protection detections and alerts. This change aims to improve and maintain a high signal-to-noise ratio (SNR) for detections.
When this will happen:
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out the first batch of policies early June 2025 and expect to complete by early July 2025.
Release Phase:
Created:
2025-04-25
Updated:
2025-04-25
Direct effects for Operations**
Disruption in Threat Detection
The transition to a new dynamic model may temporarily reduce the effectiveness of threat detection during the migration period, potentially leading to undetected threats.
- roles: Security Operations Center (SOC) Analyst, IT Security Manager
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
User Awareness and Training
Users may be unaware of the changes in threat detection policies, leading to confusion or misinterpretation of alerts and notifications.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Increased False Positives
The new dynamic model may initially generate a higher number of false positives as the system learns and adapts, impacting user experience and trust in alerts.
- roles: Security Operations Center (SOC) Analyst, End Users
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Policy Management Complexity
The disabling of legacy policies may complicate policy management for administrators who rely on those configurations, leading to potential gaps in security coverage.
- roles: IT Security Manager, Compliance Officer
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Documentation and Communication Gaps
Lack of prior communication about the changes may lead to inadequate documentation updates, causing confusion among users regarding new policies and procedures.
- roles: IT Support Staff, End Users
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Explanation for non-techies**
Microsoft is enhancing its Defender for Cloud Apps by introducing a new dynamic model for threat protection. Think of this like upgrading the security system in a building. Previously, the system relied on fixed rules to detect threats, similar to having a set of pre-defined alarms that go off when specific conditions are met. With the new model, it's as if the security system can now learn and adapt to new types of threats, like a security guard who can recognize unusual behavior and respond accordingly.
This dynamic model will be rolled out between June and July 2025, and it aims to improve the accuracy of threat detection. Imagine it as having a more sensitive smoke detector that can distinguish between smoke from a candle and smoke from a fire, reducing false alarms and ensuring quicker responses to real threats.
The rollout will be seamless, meaning it will happen automatically without any required action from administrators. Legacy policies, or the old set of rules, will be temporarily visible but eventually phased out. This is similar to keeping an old security manual on hand while everyone gets used to the new system.
The first set of updated policies will cover areas like suspicious email activities and actions from anonymous sources. These changes will help security teams better understand and respond to threats, much like giving them a detailed map instead of just a simple alert.
Overall, this update is designed to enhance security without disrupting current operations. It's like upgrading to a smarter, more efficient security system that can keep up with evolving threats. If you want to keep certain old actions, you can manually re-enable them, similar to choosing to keep some old security protocols in place for familiarity.
** AI-generated content. This information must be reviewed before use.