defender for cloud

Last Updated on July 21, 2025 by Arnav Sharma

Microsoft Defender for Cloud continues to evolve as a powerful cloud-native application protection platform (CNAPP). With its focus on securing multicloud and hybrid environments, the platform now includes a fresh set of features aimed at simplifying risk mitigation, boosting visibility, and protecting workloads across Azure, AWS, GCP, and on-premises systems.

In this post, let’s explore the latest updates rolled out as of July 2025, and how they reshape cloud security operations for modern organisations.

1. Enhanced API Discovery and Security Posture Management

One of the most important updates: Defender for Cloud now includes APIs hosted in Azure Function Apps and Logic Apps under its discovery and security posture capabilities.

What this means for your security team:

  • Centralized API Inventory: Automatically discovers and catalogs APIs across supported Azure services, so you can visualize your entire API surface in one place.
  • Continuous Monitoring: Detects changes to APIs in real time, helping teams stay ahead of shadow APIs or unauthorized deployments.
  • Actionable Insights: Highlights misconfigurations like missing authentication, outdated TLS versions, or excessive permissions, and provides guidance on how to fix them.

This update is part of the Defender Cloud Security Posture Management (CSPM) plan and rolls out globally in phases.

2. Agentless Scanning for VMs with Customer-Managed Keys (CMK)

Agentless scanning is now generally available for Azure VMs using Customer-Managed Key (CMK) encrypted disks.

Key highlights:

  • Agentless by Design: No need to install software on the VM; scanning happens out-of-band.
  • Full CMK Support: Previously unsupported VM disk encryption configurations can now be securely scanned.
  • Coverage: Available across all major clouds and supported via Defender CSPM and Defender for Servers P2 plans.

If you’re handling sensitive workloads, this update makes it easier to maintain visibility without impacting performance or compliance.

3. New “Critical” Severity Level for Recommendations

Defender’s recommendation engine just got more nuanced. A new Critical severity tier joins the existing Low, Medium, and High categories.

What changes:

  • Greater Prioritization: Helps teams quickly zero in on the most dangerous issues, like exposed credentials or overly permissive firewall rules.
  • Reevaluated Findings: Existing recommendations have been reviewed and reclassified to reflect the new tiering model.

This enhancement helps security leaders prioritize remediation efforts and build smarter risk dashboards.

4. Active User Mapping for Faster Remediation

A small but impactful feature: Defender now suggests up to three active users responsible for a resource when a security recommendation is generated.

Benefits:

  • Faster Assignment: You can assign remediation tasks right from the Azure portal, complete with due dates and alerts.
  • Increased Accountability: Helps track down who deployed or changed a resource, improving governance and collaboration.

Great for large teams with shared responsibilities, this reduces time spent investigating who “owns” a problem.

5. Runtime Protection for Azure AI Services

As AI services become mainstream, so do the security challenges they introduce. Defender for Cloud now offers runtime protection for Azure AI workloads.

Capabilities include:

  • AI-Specific Threat Detection: Flags suspicious patterns like jailbreak attempts, prompt injection, or unusual access.
  • Comprehensive Coverage: Works across Azure AI services, safeguarding apps that leverage LLMs or proprietary data.
  • Integrated Approach: Built into existing threat detection pipelines, so you don’t need to manage a separate product.

This is especially useful if you’re deploying GenAI tools or sensitive data-processing pipelines.

6. Agentless File Integrity Monitoring (Preview)

In preview: a lightweight, agentless File Integrity Monitoring (FIM) capability.

Key features:

  • Custom Watchlists: Define your own critical file paths or registry keys for monitoring.
  • No Agents Required: Unlike traditional FIM, this solution doesn’t require Defender for Endpoint or other installations.
  • Seamless Integration: Compatible with existing logging and alerting pipelines.

Perfect for compliance-heavy environments where file-level changes matter, without adding operational overhead.

7. Unified Data and AI Security Dashboard

The new Data and AI Security Dashboard is your command center for managing risk across cloud-stored data and AI services.

Highlights:

  • Visibility at Scale: Shows where sensitive data is stored and which services interact with it.
  • Security Posture: Flags underprotected resources and potential misconfigurations.
  • Actionable Gaps: Brings high-severity alerts, attack paths, and compliance concerns front and center.

If your org handles large volumes of data or is investing in AI, this dashboard should be your new go-to.

8. Malware Scanning Enhancements for Azure Storage

Defender for Storage now includes more control over how malware scan results are tagged and indexed.

What’s new:

  • Blob Index Tagging: Automatically or optionally store malware scan results as index tags, useful for querying large volumes of files.
  • Real-Time Protection: Supports scanning of all file types, including compressed archives, using Defender Antivirus capabilities.
  • API & Portal Control: Configure tagging behavior at the subscription or account level.

This makes it easier to track infected files, automate responses, and stay compliant with storage policies.
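Here is an added example (not Microsoft's code or from the original post) of how a team might act on scan results stored as blob index tags: it builds the tag filter string accepted by the Azure Blob SDK's find_blobs_by_tags() and triages a constructed container listing by verdict, treating untagged blobs as unscanned rather than clean. The tag name and verdict values are assumptions; confirm them against the tags Defender for Storage writes in your tenant.

```python
"""Triage blobs by their malware-scanning index tag (added example, not Microsoft's code)."""
from collections import defaultdict

# Assumed tag name and verdict values; verify against your storage account's tags.
SCAN_TAG = "Malware Scanning scan result"
MALICIOUS = "Malicious"
CLEAN = "No threats found"


def tag_filter(tag: str, value: str) -> str:
    """Build a blob index tag filter in the syntax accepted by
    BlobServiceClient.find_blobs_by_tags(): the tag name in double quotes,
    the value in single quotes, with embedded single quotes doubled."""
    escaped = value.replace("'", "''")
    return f"\"{tag}\" = '{escaped}'"


def triage(blobs):
    """Group blob records by scan verdict. Each record is a dict with 'name'
    and 'tags'. Blobs without the scan tag are reported as 'unscanned' so that
    a missing result is never mistaken for a clean one."""
    groups = defaultdict(list)
    for blob in blobs:
        verdict = blob.get("tags", {}).get(SCAN_TAG)
        if verdict is None:
            groups["unscanned"].append(blob["name"])
        elif verdict == MALICIOUS:
            groups["malicious"].append(blob["name"])
        elif verdict == CLEAN:
            groups["clean"].append(blob["name"])
        else:
            groups["other"].append(blob["name"])
    return dict(groups)


# Constructed sample inventory standing in for a real container listing.
SAMPLE_BLOBS = [
    {"name": "uploads/invoice.pdf", "tags": {SCAN_TAG: CLEAN}},
    {"name": "uploads/setup.exe", "tags": {SCAN_TAG: MALICIOUS}},
    {"name": "uploads/notes.txt", "tags": {}},
]

if __name__ == "__main__":
    print(tag_filter(SCAN_TAG, MALICIOUS))
    print(triage(SAMPLE_BLOBS))
```

The string from tag_filter() is what you would pass to find_blobs_by_tags() to pull every blob flagged malicious across an account; the local triage() shows the same grouping logic applied to whatever listing that call returns.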
