Microsoft Defender for Cloud Apps is making some changes to the cloud app catalog to improve our app risk scoring.
[When this will happen:]
Standard Release (if applicable): We will begin rolling out mid-March 2024 and expect to complete by mid-April 2024.
[How this will affect your organization:]
We will remove the following irrelevant and redundant indicators from the catalog:
- Consumer Popularity Index
- Safe Harbor
- Jericho Forum Commandments
- Heartbleed patched
- Protected against DROWN
- ISO 27002
- The following PCI-DSS values: 1, 2, 3, 3.1, and 3.2
We will also remove the following indicators from the default score calculation. These indicators will continue to be presented in the catalog and can be included in score calculations by configuring the score metrics:
- Founded
- Holding
- Domain Registration
- FedRAMP level
- FISMA
Due to the changes in this message:
- If you’ve created discovery policies based on a total app score or any of the removed indicators, the risk score for some apps may change and new alerts may be triggered.
- Any existing policies that were created based on the removed indicators will be disabled.
[What you need to do to prepare:]
We recommend that you review your existing policies and modify them or create new policies as needed.
To learn more about the Cloud app catalog and risk scoring of apps: Cloud app catalog and risk scores – Microsoft Defender for Cloud Apps | Microsoft Learn
