SOC Weekly Brief The week in the Microsoft security stack, distilled

← Home

Week 13 · 6 min read

March 23 – March 30, 2026

Act by

  • 1 Apr 2026 — Custom Sentinel graph API usage (creating and querying graphs) starts billing on the Sentinel graph meter, and GDAP plus unified and row-level RBAC for Sentinel enter public preview the same day. The MCP entity analyzer also begins charging Security Compute Units from this date. If your team scripts graph creation or queries through the custom Graph API, or calls entity analyzer from playbooks, expect metered cost from 1 April; note that federated-data analytics is only billed when you actually run queries, not when data is federated. (Microsoft Sentinel Blog)

What changed

Microsoft published detection, investigation, and hunting guidance for the Trivy supply-chain compromise on 24 March. Attackers (tracked as TeamPCP) force-pushed malicious commits onto existing tags of the Trivy scanner and its trivy-action and setup-trivy GitHub Actions, then pushed an infected binary to official channels — the campaign later extended to Bitwarden CLI, Checkmarx KICS, and LiteLLM. The malware kept each tool working while stealing cloud credentials (AWS, GCP, Azure), Kubernetes secrets, CI/CD tokens, and SSH keys, encrypting them into tpcp.tar.gz archives and exfiltrating to typosquatted C2 domains such as scan.aquasecurtiy[.]org. Microsoft maps coverage to Defender for Endpoint (entry-point stealers, suspicious curl and credential access), Defender for Cloud (metadata-service access and secret reconnaissance), and Defender for Identity (C2 DNS lookups), and ships advanced-hunting queries over CloudProcessEvents and DeviceProcessEvents plus IOC lists. For any SOC whose developers run Trivy in pipelines, this is an immediate hunt: check ingested versions, rotate exposed CI/CD secrets, and pin Actions to commit SHAs rather than mutable tags. (Microsoft Security Blog)

Microsoft used RSAC 2026 to consolidate identity into a single security surface, headlined by a new identity security dashboard and a unified identity risk score in Microsoft Defender, detailed in a 25 March post. The dashboard shows where identity risk concentrates across human and non-human identities, account types, and providers, while the risk score correlates identity behavior, access risk, and threat signals into one 0–100 value that can drive risk-based Conditional Access. Coverage now extends to non-human identities and third-party platforms including SailPoint and CyberArk, and a new coverage-and-maturity view scores your posture and prioritizes gaps. For a SOC, this is the practical payoff of the "identity is the new attack surface" message — a single place to see blast radius and act, though these previews are rolling out gradually and may not be in your tenant yet. (Microsoft Security Blog)

The same identity wave added adaptive risk remediation to Microsoft Entra ID Protection and extended the Security Copilot triage agent to identity. Adaptive remediation tailors the self-service recovery path to the type of threat and the credentials involved, letting risked users regain access with less help-desk dependence; the identity triage agent filters signal overload, surfaces high-confidence identity alerts, and explains why they matter to guide analyst response. Both are aimed squarely at cutting the manual toil and alert fatigue that identity investigations generate on shift. (Microsoft Security Blog)

Expanded multicloud posture coverage for AWS and GCP entered preview in Microsoft Defender for Cloud on 29 March, adding asset discovery and roughly 150 new recommendations across compute, databases, storage, networking, identity, secrets, DevOps, and AI/ML resource types. For Microsoft-stack SOCs that already run Defender for Cloud as their CSPM, this widens what shows up in the asset inventory for non-Azure estates; be aware that compliance results may shift as the new recommendations evaluate, and preview recommendations do not affect Secure Score. (Microsoft Learn)

AI model security for Azure Machine Learning entered public preview in Microsoft Defender for Cloud on 30 March. It discovers custom AI models across Azure ML registries and workspaces, scans supported model artifacts for malware and unsafe operators, and surfaces findings in Defender for Cloud, with a CLI option for CI/CD pipelines. As teams start hosting home-grown models, this gives the SOC a way to catch a poisoned or trojanized model artifact before it ships to production rather than after it runs. (Microsoft Learn)

Defender's March updates recategorized some Secure Score recommendations from Cloud apps to Identity. Several recommendations previously counted under the Cloud apps category are now treated as identity-related and grouped under Identity; the total Secure Score is unchanged, but individual identity and app subscores may move. It is a small change with a practical footprint — if you track Secure Score category trends for reporting, expect a one-time step in the Identity and Apps lines that reflects the reclassification, not a real posture change. (Microsoft Defender XDR what's new)

Advanced hunting gained two new cloud tables in preview in the March Defender XDR updates: CloudDnsEvents (DNS activity from cloud infrastructure) and CloudPolicyEnforcementEvents (policy-enforcement and security-gating decisions across cloud platforms protected by Defender for Cloud). Paired with the broader AWS/GCP coverage above, these give threat hunters queryable cloud DNS and enforcement telemetry alongside the existing CloudProcessEvents and CloudAuditEvents tables — useful for the same supply-chain and credential-theft hunts the Trivy guidance calls for. (Microsoft Defender XDR what's new)

Worth knowing

RSAC 2026 ran the week before this window — Microsoft's Pre-Day was Sunday 22 March, with the conference through mid-week — and most of the headline Sentinel, Defender, and Entra roundups published on 19–20 March. The through-line that carried into this post-conference week was identity: the Defender identity security dashboard, unified risk score, coverage-and-maturity view, and non-human identity inventory all appear as March previews on the Defender XDR what's-new page, so expect Secure Score and identity views to keep moving as these light up in your tenant. (Microsoft Defender XDR what's new)

The Trivy compromise is the visible edge of a wider CI/CD supply-chain wave — the same actor's tooling reached Bitwarden CLI, Checkmarx KICS, and LiteLLM by reusing access from an earlier, incompletely remediated incident. The durable lesson for a Microsoft-stack SOC is less about any one package and more about the pattern: build pipelines hold long-lived cloud and registry credentials, and a trusted scanner running with those credentials is an ideal theft vector. Treat developer and CI/CD identities as tier-0, pin third-party Actions to commit SHAs, scope pipeline tokens to least privilege, and make "which build agents ran this package, and what secrets could they see" a standing hunt rather than an incident-only question. (Microsoft Security Blog)

On the platform side, Microsoft Sentinel repositories reached general availability this month, letting you manage analytics and custom content as code from GitHub or Azure DevOps — the detection-as-code path that pairs naturally with the supply-chain hygiene above. Two dates are worth putting on the calendar now: Sentinel's Account Name entity mapping changes on 1 July 2026 (Account Name becomes the UPN prefix only, with new UserPrincipalName/UPNSuffix fields), which can break automation rules and Logic Apps that compare against the full UPN; and Microsoft Sentinel in the Azure portal retires on 31 March 2027, so any workspace still driven from the Azure portal should be planning its move to the Defender portal. (Microsoft Sentinel what's new)