Microsoft Defender for Cloud Apps: Changes to cloud app catalog

Updated February 25, 2024: We plan to gradually roll out changes to the cloud app catalog starting later in 2024. We will alert you via a new Message center post when we are ready to proceed. Thank you for your patience.

Microsoft Defender for Cloud Apps is making some changes to the cloud app catalog to improve our app risk scoring.

[When this will happen:]

We will communicate via Message center when we are ready to proceed.

[How this will affect your organization:]

We will remove the following irrelevant and redundant indicators from the catalog:

  • Consumer Popularity Index
  • Safe Harbor
  • Jericho Forum Commandments
  • Heartbleed patched
  • Protected against DROWN
  • ISO 27002
  • The following PCI-DSS values: 1, 2, 3, 3.1, and 3.2

We will also remove the following indicators from the default score calculation. These indicators will continue to be presented in the catalog and can be included in score calculations by configuring the score metrics:

  • Founded
  • Holding
  • Domain Registration
  • FedRAMP level
  • FISMA

Due to the changes in this message:

  • If you’ve created discovery policies based on a total app score or any of the removed indicators, the risk score for some apps may change and new alerts may be triggered. 
  • Any existing policies that were created based on the removed indicators will be disabled.

[What you need to do to prepare:]

We recommend that you review your existing policies and modify them or create new policies as needed.

To learn more about the Cloud app catalog and risk scoring of apps: Cloud app catalog and risk scores – Microsoft Defender for Cloud Apps | Microsoft Learn

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *