Microsoft Defender for Cloud Apps: Changes to cloud app catalog

Originally posted by Microsoft Feb 14, 2024 Uncategorized 0 Comments

Microsoft Defender for Cloud Apps is making some changes to the cloud app catalog to improve our app risk scoring.

When this will happen:

Standard Release (if applicable): We will begin rolling out mid-March 2024 and expect to complete by mid-April 2024.

How this will affect your organization:

We will remove the following irrelevant and redundant indicators from the catalog:

  • Consumer Popularity Index
  • Safe Harbor
  • Jericho Forum Commandments
  • Heartbleed patched
  • Protected against DROWN
  • ISO 27002
  • The following PCI-DSS values: 1, 2, 3, 3.1, and 3.2

We will also remove the following indicators from the default score calculation. These indicators will continue to be presented in the catalog and can be included in score calculations by configuring the score metrics:

  • Founded
  • Holding
  • Domain Registration
  • FedRAMP level
  • FISMA

Due to the changes in this message:

  • If you’ve created discovery policies based on a total app score or any of the removed indicators, the risk score for some apps may change and new alerts may be triggered. 
  • Any existing policies that were created based on the removed indicators will be disabled.

What you need to do to prepare:

We recommend that you review your existing policies and modify them or create new policies as needed.

To learn more about the Cloud app catalog and risk scoring of apps: Cloud app catalog and risk scores – Microsoft Defender for Cloud Apps | Microsoft Learn

Message ID: MC715689

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: