check before: 2025-06-01
Product:
Defender, Defender for Cloud Apps, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Links:

Details:
Summary:
Microsoft Defender for Cloud Apps will enhance threat protection with a new dynamic model for detections and alerts, rolling out from June to July 2025. This model allows faster response to threats and will be implemented seamlessly. Legacy policies will be disabled but visible temporarily. No admin action is required.
Details:
Coming soon for Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities. We will implement a new dynamic model for threat protection detections and alerts. This change aims to improve and maintain a high signal-to-noise ratio (SNR) for detections.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out the first batch of policies early June 2025 and expect to complete by early July 2025.
Release Phase:
Created:
2025-04-25
updated:
2025-04-25
summary for non-techies**
Microsoft is introducing a dynamic threat protection model for Defender for Cloud Apps, rolling out between June and July 2025, which will enhance threat detection accuracy by learning and adapting to new threats, while phasing out legacy policies.
Direct effects for Operations**
Disruption in Threat Detection
The transition to a new dynamic model may temporarily reduce the effectiveness of threat detection during the migration period, potentially leading to undetected threats.
- roles: Security Operations Center (SOC) Analyst, IT Security Manager
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
User Awareness and Training
Users may be unaware of the changes in threat detection policies, leading to confusion or misinterpretation of alerts and notifications.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Increased False Positives
The new dynamic model may initially generate a higher number of false positives as the system learns and adapts, impacting user experience and trust in alerts.
- roles: Security Operations Center (SOC) Analyst, End Users
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Policy Management Complexity
The disabling of legacy policies may complicate policy management for administrators who rely on those configurations, leading to potential gaps in security coverage.
- roles: IT Security Manager, Compliance Officer
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
Documentation and Communication Gaps
Lack of prior communication about the changes may lead to inadequate documentation updates, causing confusion among users regarding new policies and procedures.
- roles: IT Support Staff, End Users
- references: https://learn.microsoft.com/defender-cloud-apps/anomaly-detection-policy
** AI generated content. This information must be reviewed before use.
Last updated 4 weeks ago