Hello and welcome to the Let's Talk Azure podcast with your hosts Sam Foote and Alan Armstrong.
If you're new here, we're a pair of Azure and Microsoft 365 focused IT security professionals. It's episode four of season six. Alan and I recently had a discussion around the new releases in January. Here are a few things that we covered: key Microsoft Entra, Intune and Defender features, updates and announcements; Azure changes, new features and retirements. We've noticed that a large number of you aren't subscribed, so if you do enjoy our podcast, please do consider subscribing. It would mean a lot to us for you to show your support to the show. It's a really great episode. So let's get started. Hey, Alan, how are you doing this week?
Hey, Sam. Not doing too bad. How are you? Yeah, good, thank you. Have we had a busy week since the last time we spoke? Anything big happened? I say that is a leading question. I don't know, actually. Don't know what you mean by that, actually. But yeah, it's been busy. I feel like the Internet lost its mind about shadow AI usage in the last week. Yeah, yeah. Was it Deep? DeepSeek, is that the one?
Yeah, exactly. And I just, I just want to, I don't know, make a big point of. It isn't DeepSeek's fault, if that makes sense. We. We see. We do see shadow AI usage quite. I don't know, prolifically, I would say, in people's environments. Right. And I kind of felt like previously it was just sort of brushed off, you know, if you saw like a. And I'm not trying to point any fingers at any brands whatsoever, but you would see Gemini usage as an example and everybody like, oh, oh, well, maybe. Right. But now it's sort of like, oh, this organization is based in a certain region and they've got certain nasty things in their privacy policy. Oh, quick, we better do something about that, basically. Right. So, yeah, really interesting to see people's like, security reaction. I know there's been a lot of press about Nvidia and how they train their model and OpenAI and X, Y and Z. But I did also think it was quite interesting that, you know, people were responding, saying, hey, here's how you block it, basically.
Yeah, there's a lot of downloads, weren't there, of the app and things like that? That was quite. When it sort of not, say, came out, because I think it's been there a while, hasn't it, generally. But actually when it came as the, The Next. Well, talking point, everyone was downloading it, things like that, you know, and kind of like you said you should, we see the blocking, but we've also got the monitoring sort of coming, you know, with Defender for Cloud Apps this week or end of last week, where it was now, you know, coming out with, you know, being able to track it using Defender for Cloud Apps, cloud discovery side of things. So I think it's more about visibility than anything.
Yeah, exactly. So I think it's, I think it is a good, you know, whatever you think about the technology. Let's just park that to the side. I think it is good that people are at least talking about, you know, that we need to understand, you know, what people are sharing with, you know, any random prompt interface on the Internet, what is leaving the organization and, you know, who's processing that information. I think in some respects it's quite good that DeepSeek are so sort of open in some respects on their privacy policy about what they will do with your data. Does that make sense? Like it will be shared, like, you know, so like in some respects, you know, fair play for just being completely open about what you're going to do with the data. But again, another really sort of high profile, I'll call it, launch of a, you know, a new model and interface and to see what's happened in the industry around that. Nice. Yeah. Sorry. Anything else in your, your world, Alan, that's caught your attention over the past few weeks?
No, not that I can talk about. There's some really cool things, but yeah, can't talk about it. Yeah, there's nothing like putting the cliffhanger in there. But yes, it is. It is what it is. But that's terrible. But yeah, there's some good. There's some cool stuff coming, but yeah, there's not really been anything else, I don't think off the top of my head. There's some, some interesting stuff that's being released in January. Yeah. Should we, should we start our news episode?
Yeah, yeah. So this episode's on. Any public preview retirements or just feature updates coming into the products that we look at or we find interesting, I think it's fair to say, Sam, isn't it? Because Azure, there's thousands or hundreds of updates that, you know, we could spend probably a whole day talking about. But yeah, so we're just going to sort of capture some of the key ones or the ones that interest us at least around security mainly. Unless it's Chaos Studio. Sam?
Yeah, I'm not going to say anymore. Let's get started. Alan, do you want to take us through your updates first?
Yeah, sure. So I'll start off with Defender for Endpoint. This is more in general so not at the operating system level, but more the service itself. So there was a release in preview about aggregated reports in Defender for Endpoint. So this is in effect aggregating the signals, sort of changing the intervals for them to reduce the size of reports. So when you're sort of potentially hunting or generate reports, it's not as insane, I think it's fair to say, full of data that you maybe you don't necessarily need to know for that reporting. That's quite cool. What's this one? So Defender XDR. So the actual security.microsoft.com portal. So this was an interesting one. So in preview, if you've got Sentinel integrated and you've got entity behaviors in effect enabled in Defender, the device activity for those devices. So activity events from Microsoft Sentinel devices are now visible in the timeline that's on the device entity point in the Defender portal. So we're starting to see the. The combining of all the data now into the entities in the Defender XDR portal. I think at the moment they're probably still sort of separate. So Sentinel versus Defender XDR. So I think that's a big change and also showing that it is even more becoming integrated as we go.
Yeah, very interesting.
Yeah, definitely. The next one in preview: users with provisioned access to Purview Insider Risk Management can now view and manage insider risk management alerts and hunt for insider risk management events and behaviors in the Microsoft Defender portal, which is interesting. So I suppose that's probably more of a security thing per se, but insider risk could also be potentially breach of like HR policy, things like that, couldn't it? A little bit. Suppose it's more tied to insider risk or accidental or unknown. What's the word? Unintentional insider risk, I suppose activity where they're not following policy or unaware of policy. So I thought that was interesting where they're bringing it in effect that part is coming in or being available in both locations at least.
Yeah, that is interesting because that's. Yeah, that's definitely always sat on the Purview side. So. Yeah, I guess it's kind of. It's data related but it's more. It is more around security kind of thing, I suppose rather than. I suppose DLP is as well.
Yeah, that was that, that was my. Yeah. First sort of thought because the way that I sort of think about insider risk management is Like DLP on steroids basically, you know. And yeah, it's interesting that it's just one side and not the other. So it'd be interesting to see if more of those, you know, I don't know. Yeah, the email and collaboration section now, you know, starts having DLP policies in it. Interesting.
Yeah. Yeah. Well there is that overlap of communication compliance, isn't there? Yeah because like you know, communication compliance does also look at like internal sort of like you know, threatening and abusive behavior. So like, you know. So yeah, yeah, that's interesting. Really interesting.
Yeah. Okay, that's probably it for Defender XDR. I think that. I think those two are pretty cool. Very interesting. Defender for Office 365: so this has just had the built in report buttons in Outlook for iOS and Android version 4.2446 or later now support the user report settings experience to report messages as phishing, junk or not junk. So that's just adding in additional or complying with the config that we've configured in the backend. That's quite cool. So it's probably moving away from the plugins versus the built in side of things. So should probably shouldn't add on to that. There wasn't anything for Defender for Cloud Apps from the kind of what's new side of things and same thing for Defender for Identity but really Defender Identity obviously had its big and sort of announcement around the unified agent side of things. So that's just sort of bedding in there. Okay. Entra: so there's quite a few in here, just have a look. So generally available is now Microsoft Entra PowerShell, so new version of the PowerShell which in effect talks to Microsoft Graph and with that going GA we have the deprecation, let me find it, the deprecation of the legacy MSOnline and Azure AD PowerShell modules to be retired May between April and May 2025. So if you've got some PowerShell scripts out there doing some automation gonna need update it. So I suppose you have bad thing around. It's yeah shame it's sort of a full new you know, refresh I suppose because the naming but yeah it's a shame because it's a lot of change there potentially. Public preview: manage lifecycle workflows with Microsoft Security Copilot in Entra, so customers can now manage and customize lifestyle workflows. So this is identity governance side of things using natural language for Microsoft Security Copilot. So it's a part of the embedded experience I would guess at this, at this point. So life. So lifestyle. No, sorry, Lifestyle Lifecycle workflows.
Yeah. Copilot solution provides step by step guides on performing key workflow configuration and extension execution tasks using natural language. So that's quite good to help you kind of understand what the steps you need to go through using natural language. Can I ask a question? Yeah. Why is it not in Azure Copilot? Azure Copilot? Because Entra is not in Azure technically it's got its own port, wasn't it? Oh yeah, okay. So Security Copilot's in Entra. Yeah, yeah, true.
Yeah. Okay. Yep, go on. Yeah, sorry, I was just thinking old. Yeah, it's still there. It's still the way I. That's, that's why. Yeah, that's why that was, that was my own preference coming through there. I was like that doesn't make any sense. And then I just completely forgot that there's the Entra portal that the Hope Portal we should be using and anyway, sorry, yeah, go on. I have started using the Entra portal more especially with GSA because it's the place you can get it.
So I have to. Because some customers, they go to the Entra portal like if I'm like screen sharing with them and I'm like oh yeah, fire up the Entra portal. If I'm guiding them, fire up Entra and they go to the new Entra portal and I'm like yeah, I need to know how to navigate this as well. But if I'm in a tenant and doing anything inside of Entra, I always go to Azure Portal first. I need to. That's one of my goals for 2025 to get myself off of Microsoft. Just need to remove it then it. Force me.
Yeah, yeah, yeah. I think it's because it's so engraved in everyone's mind that it's, it's. They need to get. Yeah, but it's, it is right that it, it shouldn't be in. It shouldn't be. It should have never have been in the Azure Portal really if we think about it. It should have been its own thing, shouldn't it really? Yes and no. I think it's the journey it's taken. Oh yeah, no, no, yeah. No, no. With. Yeah, with a massive amount of hindsight, you know what I mean? It.
Yeah, 100. Well it used to be on its own and then they moved it to. Oh yeah, true.
But anyway, so generally available: improving visibility into downstream tenant sign ins. So being able to identify in the logs in effect what the home tenant ID is and what the resource tenant ID they're trying to access is so you can see when users or service providers partners are logging into your tenant via their tenant kind of thing. So I think it's good visibility. Auditing: so public preview for auditing administrator events in Microsoft Entra Connect so you can actually see what configuration change were done within the Entra Connect tooling. I think previously maybe you just seen someone signing in but you didn't actually see the changes taking place. Generally available is real time password spray detection in Microsoft Entra ID Protection. So this is password spray attacks protected post breach or post the activity happening to identify when. Yeah that was happening just probably because of the amount of data they were consuming. But now risk based conditional access can automatically respond now to these new signals in in real time and I'm guessing it's going to be baked into the continuous access evaluation side of things to heighten the risk of the sign in. So I thought that was quite good. We talked about that retirement. There's a new version of Entra Connect 2.4.129, let's quickly just look at the release notes but I'm guessing this is the auditing administrator events so you need to upgrade to the latest one. Yep. Be able to get that. There's a few fixes as well. Elevate access events are now exportable via audit logs. So that means now you can now start seeing seeing that going into Defender. Oh sorry Sentinel or other third third party SIEM tools. I think that's probably it. There's definitely a lot lot there coming up from Entra. Okay. I think the only other one was which is not normally on our list is Defender for IoT. So it's only one we should be bringing this into the fold anyway.
But because I want a project for it soon or in the middle of it's worth keeping up to date with it as well. So you're able to preview and edit the device lists during the site setup process. So previously you could just sort of build the configuration maybe not set up the device that could be in effect associated with that site. So you can do that from the start. That's probably it. I suppose the only one because we have never done it in November. I'll just sort of bring us up to speed a little bit. There's a new OT Security Preview Exposure Management initiative. So now you can see some of the recommendations around that. Especially when you've got Defender for IoT integrated. So that's quite good in itself and I think that is probably it from me. I don't think there's much more this come out apart from obviously suppose Defender for Cloud Apps added updated their cloud discovery or cloud app catalog to include new generative AI SaaS applications like DeepSeek and things like that. So that's probably a minor update that came in from that and that is probably me. What about you Sam? What's happening on your side?
Okay, yeah, fair few updates on the Azure side. So first one: Azure NetApp Files now supports a minimum volume size of 100 gibibytes, GiB, which is gibibytes. The previous minimum was 100 gigabytes so that's going to obviously allow organizations to right size those storage volumes to help save cost and free up space in the capacity pool. There is a provisioned V2 model for Azure Files hard drive standard pricing which allows you to create file shares that meet the exact storage and performance requirements that you need. So Provision fee provisioned version 2 shares enable independent provisioning of storage IOPS and throughput. So this gives you predictable pricing and also flexible provisioning and it also increases the scale that you can go to so you can go up to 256 tebibytes, 50,000 IOPS and 5 gigabytes per second of throughput. So yeah, you can be a lot more granular on the specific file shares that you have. So I think that's you know again Azure Files is a great sort of cloud replacement for your on prem shares that you would have previously had and you've now got more, you've now got more capability and flexibility there. So I'm going to skip that one. Copilot in Azure has a public preview for troubleshooting disk performance so it can take your disk metrics and Copilot in Azure can analyze these metrics and to help to resolve performance to identify performance issues on your behalf and it can give you guided recommendations for optimizing VM and disk performance to include to improve your applications experience. So that was quite cool that it's monitoring for you and then giving you recommendations when it sees issues because those disk metrics can shift I assume at any time.
Does that work both ways? Do you think thinking that you've got too many iops to reduce cost? I don't know. It says performance issues. I haven't tested it. I'd like to think it does but I would probably think that might come under advisor recommendations but I don't know if there is a specific advisor recommendations for too many provisioned iops. Is there? I don't know. That's why it's Just, just one said.
Yeah, it'll be interesting to see if that. I think it's just going to be the negative performance that abundance personally, the way that it reads. Yeah.
Now generally available is WebSocket support in Application Gateway for Containers. So WebSockets allow web applications to serve real time data. So this is used in things like chat applications, gaming platforms, dashboards. It allows bi directional communication with a, with a service to a client. So you know when, when you go to a website and you request a web page that's very, I don't know, synchronous, you know, you, you ask for the page it renders back. Whereas with WebSockets the server can push real time information to you. So that is now supported in Application Gateway for Containers. So that's going to be very, a very welcome change and it's just gone generally available. Now generally available is user managed plugins are now enabled in Azure Database for MySQL Flexible Server. And the first plugin I believe that's supported is the validate_password plugin which is a plugin that's available separately for MySQL which helps you to enforce strong password policies, etc. You can install it without restarting your server, which is great, but now you can. The plugin was there, but management was limited by the platform. But now you can take control and tailor your MySQL environment to meet your specific requirements, which is really good to see, no skipping over that one. There's now a public preview for the JavaScript code interpreter in Dynamic Sessions inside of Azure Container Apps. So Azure Container Apps Dynamic Sessions offers serverless isolated sandboxes for executing untrusted code. So imagine you're a service that maybe you're like a, I don't know, a developer platform that takes code and you might need to execute it on behalf of your, you know, your clients. So you can now do native JavaScript code execution. It's currently in public preview. Previously it was Python interpreter code. I assume that was to do with, you know, Jupyter notebooks etc. Those types of code interpreter scenarios. But oh, you could also do custom containers but.
But now you can do JavaScript code as well. So yeah, each session operates in a Hyper-V sandbox and is network isolated by default. So it could be good for different scenarios. I believe I talked about this last time that Azure Automation service limits are changing. That is now generally available. So that is happening as we speak.
Okay.
All Azure Automation jobs running on agent based hybrid workers will be stopped from 1st April 2025. So big warning if you are using Azure Automation agent based user hybrid workers both Windows and Linux. It was retired on 31st August 2024 and is no longer supported so it hasn't been getting any security features post its retirement. So it's highly and strongly recommended that you move to the extension based user hybrid runbook worker. It's a bit of a mouthful for Windows and Linux for executing hybrid jobs, so your time is very limited. Get migrating. Azure Automation, oh this has already happened, so this is a bit late. Azure Automation will discontinue execution of PowerShell runbooks using AzureRM modules from 2-1-2025. So if you are using those modules today, well they won't work by the time you've listened to this. It was retired on 2-29-2024 in favor of the Az PowerShell modules that have more security, stability and functionality. So there are migration resources on Learn to help you with that transition. But as far as I'm aware nothing using that will be executing as we speak. Resources interacting with Azure Automation using TLS 1.0 and or 1.1 protocol will be blocked from 1 March 2025. So we've talked about many different Azure services are deprecating and blocking the use of TLS 1.0 and 1.1 protocol because of security vulnerabilities and improvements in the TLS protocol, they're wanting you to move to newer protocol versions. The exact retirement dates for different services is different unfortunately. We've had some shift back I believe as well, so I'm not really gonna continue to call out the longer term ones. I will call them out as I see them, but as they start to get closer and closer I will call them out each month, you know, as I get updates from from Azure. But currently for Azure Automation that date is 1st March 2025. So make sure you're using TLS 1.2 or higher.
You can There's a public preview for Azure Dev Test Labs where you can hibernate machines now. So yeah, they've introduced hibernation in Azure Dev Test Labs which is now in public preview and that will massively reduce your costs. Hibernation allows you to pause those virtual machines whilst preserving their state and then it allows you to easily resume that work once without losing progress. And you know virtual machines that run in these dev test labs are unused for long periods of time when you know people aren't working or you know your test runs aren't running overnight so being able to hibernate them is really powerful. When you hibernate them, costs only include the storage, the OS disk and any data disk attached and any networking resources attached to the vm. So very cool feature for that workload. There is now enhanced support for Generation 2 VMs in Azure DEV Test Labs as well. So you can now pick between generation one and generation two versions of the same Marketplace image when creating a VM in Azure Dev Test Labs. Generation two virtual machines include increased Memory, Intel Software Guard Extensions and virtualized persistent memory. The acronym for that is lowercase v P capital. All the rest capitals PM E M. Not that I have a clue what any of that means. So yeah, if you're utilizing Dev Test Labs, look it to see if generation two migration makes sense for you. Right now I've come to the most important update in my mind, right Are you going to take a. Are you going to take a stab at this?
It's going to be a chaos studio of some form.
No, you're completely wrong. Public preview: announcing, and I mean announcing, the next generation of Azure Data Box devices. Microsoft is excited, excited I will capitalize excited to announce the preview of Azure Data Box 120 and Azure Data Box 525, Microsoft's next generation compact NVMe based Data Box devices. These devices incorporate several performance improvements which are several improvements to accelerate offline data transfers. So faster copying: built in NVMe drives for high speed transfer and improve reliability and support for faster network connection connections. Larger capacity: offerings 525 TB in a compact form factor for easy handling. Resilience: so ruggedized devices built to withstand rough conditions during transport. Secure: enhanced physical, hardware and software features. And broader availability. So the idea is to have more presence in presence in more regions meeting local compliance standards and regulations. It's currently in preview and it's available in the U.S., Canada, European Union, United Kingdom and U.S. government Azure regions. Okay, so I'm going to click on this because I want to dive into some of this in a bit more depth. Okay. Right. So it consumes around 7U of rack space when it's on its side, but it cannot be rack mounted. So that's just to give a bit of size comparison. You get an included power cable and you have two. Two. Well these cables aren't included but you have two RJ45 10 gig ports, Cat 6 cables required, and it also has two 100 gigabit QSFP28 passive direct attach cables. So it can do. It's got two 100 gig ports on it. It's RAID 5, the numbers that I called out for the model numbers are the usable size. So SKU1 is 120 terabytes usable with 150 terabytes of raw storage and SKU2 is 525 usable terabytes with 600 terabytes raw. Power supplies rated for 1300 watts. Typically the unit draws about 384 watts. So yeah, like it's got TPM 2.0, secure boot, hardware root of trust.
Now data transfer rates, you can now get up to approximately 7 gigabytes per second using SMB direct on RDMA 100 gig. For large files, both data ports can be used though not required and obviously that's going to vary by the size of file that you're, you're copying to it. You can use the local web UI for one time initial setup and configuration and then you can use the Azure Portal for day to day management of the device. I'm gonna send you a link to the picture Alan, just so that you can see it. Apologies for anybody listening because you won't be able to see this but it's basically like oh what's, you know those, you know you can get those like powerable battery packs, can't you? You know that you can put in like your camper vans and, and whatnot. Kind of looks a little bit like one of those. I would say.
It's just gonna be so such a dense weight for the size of it, isn't it? Yes. You're gonna be like oh, it just looks like a PC. You know it's gonna be like lighting. Go pick it up and go. Wow. Does it tell you the weight of them? Actually yeah, it's, it's, it's less than 46 pounds. But I don't know what that is in. Let me just. 46 pounds in kilos. 20, 21 kilograms. So it's not mental, is it? Compared to servers? No, but I suppose it is all flash, isn't it? So. Is it really all flash, is it?
Yeah, I believe so. I believe it's all NVMe. Oh my God. Yeah, so. God, how much that gonna cost? Because like. That is a very good point actually because I haven't actually I didn't lock up two seconds. Two. Well yeah, but like you know two terabytes of you know, stick times that by 60 for the plus for the 120.
Okay, now I've got you, I've got you. So. Right, so data box 120 is. I remember the old SKUs now, right, so data box 120 is $350 for one unit and you get 10 days of service with it. For each additional day it costs $50. And a standard shipping fee is $95. So that's the shipping fee for one full round trip. So if you keep it for. If you keep it for 10 days or if you return it within the 10 days, it's going to cost you about $450 for 120 terabytes transferred into Azure.
Doesn't seem like a bad thing really, does it? It's not like breaking the bank completely. Data Box 525, which is obviously 525 terabytes of usable space to get one unit for 20 days, you get twice as much time on it is $1500 with the same 95 dollar round trip shipping. Each additional day is $200. So I suppose you got to be prepped and you got to start. Yeah. Every additional day it's $200. Yeah. Wow. Okay. They don't want you to be keeping that long.
No in and out. Yeah. So, yeah, I think I was actually, I think on the last episode I was like joking about new Databox. Apparently that Preview started in November 2024 and it was a Microsoft Ignite announcement, but I completely missed that. So, yeah, I probably went past them when I was at Ignite. That's what they had them on show. Yeah. Excuse me. Didn't even think about it. I got to take a picture of one opportunity miss anyway. Opportunity of all things. Yeah.
Apologies to the product team Ignite launching the, you know, amazing new Azure data box. And Alan just completely glossed over it. Anyway, as a, as a big advocate, I also missed it and I think There's a late January 2025 update to Azure SQL which allows you to use database shrink to reduce allocated space in Azure SQL database hyperscale service tier. So that's good. And it's gone ga. So it sounds a little bit less scary when shrinking data in a database. And what I also thought was interesting is Generally available a FIPS 140 Level 3 HSM premium key vault is now supported in China. So I thought that was very interesting that you can now get that type of protection in, in that region, which is really good to see.
Yeah, I guess that's because global organizations need the same requirements across the board, don't they?
Yeah, yeah, exactly. Yeah. Yeah. We very rarely see updates to China region. Right. And I thought it was interesting to call out that, you know, that type of controls are there. I didn't really have on the Defender. That's all the Azure stuff. On the Defender for Cloud side, I suppose there are a few different updates that are probably worth calling out. There's an update to the scan criteria for container registries now. So in the preview recommendation for registry images across all external registries, Azure, AWS, GCP, Docker, JFrog, they currently rescan images for 90 days after they've been pushed to a registry, but this will now be changed to scan 30 days back. So you're not able to scan as far back, so that may affect you. That doesn't seem like a too much of an issue to me. Enhancements for containers vulnerability assessment scanning: there are new vulnerability assessments with coverage for the following updates. So additional programming languages supported, now supporting PHP, Ruby and Rust. Extended Java language support which includes scanning for exploded jars. Okay. Improved memory usage, so optimized performance when reading large container image files. Permissions have been added to the GCP connector to support AI platforms. So there are a bunch of new GCP connector additional permissions to support the GCP AI platform Vertex AI. So that has been added to the GCP connector. And the last thing. No, I think that's the only thing that I'm going to cover cover on Defender for Cloud.
I think the scanning interval thing or going back, how far you can go back kind of ties into them changing the scan intervals for. Correct. Yeah, AWS and GCP kind of thing. And I guess the new permissions for GC for GCP AI services is kind of tying into our, you know, last week's episode about Defender's cloud security posture management. Yeah, yeah, I. I won. Sorry, Alan, go on, finish what you were saying.
No, just. Just to, you know, be able to give, you know, gain more visibility from that side.
My gut is that they've added so much to those service tiers, right. That I think they're just scaling back some of the scanning to make it a bit more reasonable on their side. But I do genuinely think that we've had a lot of product innovation with no real like license and cost change. Does that make sense? You know, I think we commented on last week's episode about that. About, you know, Defender CSPM just having more and more functionality added to it. And yes, it does cost money. You have to pay for it, but it doesn't cost any more money, does it?
You know, and it's. And it's only on certain SKUs again. Exactly. Only certain SKUs that or. Or resource that are classes billable as well. Not everything.
Yeah, exactly. So, so I, I think that's just saying that they will, every time you add a new image, they will only continuously scan it for 30 days, going back for images. 30 days. But some teams could be pushing multiple images per day. You know, they might be building every hour or every six hours or something like that. So the amount of scanning that they have to do must be pretty insane. So that doesn't feel like. I suppose the only downside to that is if you've got an image that you've published over 30 days ago, you're not going to get new scan information for that possible, you know.
Yeah, it's a shame. It's not like it's a shame. It's not like it's the, you know, the latest one that's being used kind of thing and that's continuously scanned. It's. Any previous images maybe. Yeah. If from a, from a versioning perspective kind of thing at least.
Yeah, yeah. And I suppose you don't really know you might be using Defender for cloud to look at a repository that then deploys to another cloud provider in theory. So, you know, Defender, Defender for cloud isn't going to the context of whether something's actually in use or not. Right. So yeah, I kind of feel like a flagging, you know, thing would have been better to say, you know, we will scan 100 images per month or whatever it is, mark the versions that you want scanning, put them in a slot that we scan against. Do you see what I'm saying? You know, but they've probably run the numbers, so that probably makes, probably makes sense.
Yeah, I guess, I guess as well. We don't, we don't know at the moment. But does it keep the, the vulnerability data still as well for that image? It's just that it's not near. The scan's not updated for new vulnerabilities kind of thing. Don't know.
I assume that recommendation is going to stay there from the last time it was scanned, isn't it? Be my gut. It's just we, we currently, we re scan images, you know, for 90 days and now it's going to be 30 days. So. Yeah. Be interesting to see if that affects anyone. Yeah. Okay, cool. Well, it turned out to actually quite a lot then this week because we're like three quarters of the way through, you know, an hour already. Yeah, yeah, no, that's it. Cool. Okay. What's the next episode then, Sam?
I'm going to cover Defender for SQL, which is part of Microsoft Defender for Cloud. I think personally it's a very valuable protection that you can layer on top of your SQL databases. So I'll take us through that some of the controls that are part of that workload protection and yeah trying to explain some of the value of it. Cool. Yeah. Continuing with our seems to be like our series, well I guess a series series on Defender for, for, for Cloud Portfolio as we started this year.
Yeah, exactly. Cool. Okay. So did you enjoy this episode? If so, please do consider leaving us a review on Apple, Spotify or YouTube. This really helps us to reach more people like yourselves. If you do have any specific feedback or suggestions for episodes, we have a link in our show notes or you can comment on the episode on YouTube. Yeah and if you've made it this far, thanks ever so much for listening and we'll catch you on the next one. Yep, thanks. All.