Merge branch 'main' of https://github.com/MicrosoftDocs/azure-security-docs-pr into defender-API

Author: ElazarK

articles/defender-for-cloud/TOC.yml

@@ -482,6 +482,9 @@
             - name: Discover generative AI workloads
               displayName: AI, workloads, models, applications, apps, AI BOM
               href: identify-ai-workload-model.md
+            - name: Discover AI models
+              displayName: AI, models, generative, applications, apps
+              href: ai-model-security.md
             - name: Explore risks to pre-deployment generative AI artifacts
               displayName: AI, risks, generative, applications, apps
               href: explore-ai-risk.md

articles/defender-for-cloud/ai-model-security.md

@@ -0,0 +1,114 @@
+---
+title: Discover AI models
+description: Learn about AI model security in Microsoft Defender for Cloud.
+ms.topic: concept-article
+ms.date: 03/25/2026
+ms.author: elkrieger
+zone_pivot_groups: defender-portal-experience
+---
+
+# AI model security
+
+As organizations increasingly use artificial intelligence (AI) models to drive automation, insights, and intelligent decision-making, security teams need visibility and control to assess the safety and compliance of AI models entering their environments. These models often have broad access to data and infrastructure. Without these capabilities, it becomes increasingly difficult to enforce internal standards. 
+
+Microsoft Defender for Cloud's Defender for AI security supports AI model scanning. AI model scanning provides proactive detection of unsafe or malicious artifacts and continuously monitors models for risk throughout the AI lifecycle.
+
+AI model security automatically scans AI models for security risks such as embedded malware, unsafe operators, and exposed secrets before those models reach production. Integrated directly with Azure Machine Learning and CI/CD pipelines, the service surfaces real-time findings and actionable remediation guidance, so teams can stop risky models early in the development process.
+
+By using AI model security, security teams can scan custom AI models uploaded to Azure Machine Learning workspaces and registries to identify threats like embedded malware, unsafe operators, and exposed secrets. Defender for Cloud presents the results, giving teams visibility into security findings along with severity ratings, remediation guidance, and relevant model metadata to support effective triage and prioritization. Developers can also trigger model scans during build or release stages by using CLI tools integrated with Azure DevOps or GitHub pipelines, enabling static scanning and early risk detection before models reach production.
+
+## Prerequisites
+
+- You must have an Azure subscription that contains AI models registered in [Azure Machine Learning](/azure/machine-learning/quickstart-create-resources) (Azure Machine Learning) registries or workspaces.
+
+> [!NOTE]
+> Workspaces and registries that use a private link aren't supported.
+
+- [Enable the Defender for Cloud Security Posture Management plan](tutorial-enable-cspm-plan.md).
+
+- You must [enable threat protection for AI services](ai-onboarding.md) and the [AI model security](ai-onboarding.md#enable-ai-model-security) component of the plan.
+
+- Required permissions: To enable the plan, you need **Owner** or **Contributor** level permissions on the Azure Machine Learning resources.
+
+- Supported model file formats: `Pickle (.pkl)`, `HDF5 (.h5)`, `TorchScript (.pt)`, `ONNX (.onnx)`, `SafeTensors (.safetensors)`, `TensorFlow SavedModel / TFLite (FlatBuffers)`, `NumPy (.npy)`, `Arrow, MsgPack, dill, joblib`, `PMML, JSON, POJO, MOJO, GGUF`.
+
+- File size limit: 10 GB. Model files larger than 10 GB can't be scanned.
+
+- The scan occurs once a week.
+
+::: zone pivot="azure-portal"
+
+## Locate all AI models in your environment
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. Select **Cloud Security Explorer**.
+
+1. Select **AI & Mls** > **AI models**.
+
+    :::image type="content" source="media/models/ai-models.png" alt-text="Screenshot that shows where to select AI models from the drop-down list in the Cloud Security Explorer." lightbox="media/models/ai-models.png":::
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. Select **Metadata** > **AI Model Metadata**.
+
+    :::image type="content" source="media/models/ai-models-metadata.png" alt-text="Screenshot that shows how to select the 'AI Models Metadata' option." lightbox="media/models/ai-models-metadata.png":::
+
+1. Select **Search**.
+
+The Cloud Security Explorer displays all AI models in your environment. You can select **view details** to see more information about each selected model.
+
+## Locate AI models with security findings
+
+Use the Cloud Security Explorer to find AI models that have active security findings.
+
+1. Follow steps 1-7 from the [Locate all AI models in your environment](#locate-all-ai-models-in-your-environment) section.
+
+1. Select **+**.
+
+1. Select **Recommendations** > **All recommendations**.
+
+    :::image type="content" source="media/models/all-recommendations.png" alt-text="Screenshot that shows how to select the 'All recommendations' option." lightbox="media/models/all-recommendations.png":::
+
+1. Select **Search**.
+
+The Cloud Security Explorer displays all AI models in your environment that have active security findings. Select **view details** to see more information about each model and the associated findings.
+
+::: zone-end
+
+::: zone pivot="defender-portal"
+
+## Locate all AI models in your environment
+
+The Defender portal **Assets** page provides a comprehensive view of all AI models in your environment.
+
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com/).
+
+1. Go to **Assets** > **Cloud** > **AI** > **AI models**.
+
+    :::image type="content" source="media/models/defender-ai-models.png" alt-text="Screenshot that shows how to navigate to the Defender portals asset page with all of the AI models presented." lightbox="media/models/defender-ai-models.png":::
+
+1. Select an AI model with recommendations.
+
+    :::image type="content" source="media/models/ai-models-recommendation.png" alt-text="Screenshot that shows AI models that have at least one recommendation affecting them.":::
+
+1. Select **Open asset page**.
+
+    :::image type="content" source="media/models/asset-page.png" alt-text="Screenshot that shows where the 'Open asset page' button is located." lightbox="media/models/asset-page.png":::
+
+1. Select **Security recommendations** > the relevant recommendation.
+ 
+1. Review and remediate the security finding as needed.
+ 
+You can also manage the recommendation in the Azure portal. 
+
+::: zone-end
+
+## Next step
+
+> [!div class="nextstep"]
+> [Build queries with cloud security explorer](how-to-manage-cloud-security-explorer.md).

articles/defender-for-cloud/ai-onboarding.md

@@ -2,7 +2,7 @@
 title: Enable threat protection for AI services
 description: Learn how to enable threat protection for AI services on your Azure subscription for Microsoft Defender for Cloud.
 ms.topic: install-set-up-deploy
-ms.date: 05/20/2025
+ms.date: 04/01/2026
 ms.author: elkrieger
 author: Elazark
 ---
@@ -19,6 +19,8 @@ Threat protection for AI services in Microsoft Defender for Cloud protects Micro
 
 - [Enable Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
 
+- Required permissions: To enable the plan, you need **Owner** or **Contributor** level.
+
 ## Enable threat protection for AI services
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
@@ -33,7 +35,17 @@ Threat protection for AI services in Microsoft Defender for Cloud protects Micro
 
     :::image type="content" source="media/ai-onboarding/enable-ai-workloads-plan.png" alt-text="Screenshot that shows you how to toggle threat protection for AI services to on." lightbox="media/ai-onboarding/enable-ai-workloads-plan.png":::
 
-## Enable user prompt evidence
+## Enable the components of the plan
+
+With the AI services threat protection plan enabled, you can control whether the different components of teh plan are enabled. This includes:
+
+- **[Suspicious prompt evidence](#enable-suspicious-prompt-evidence)**: receive alerts for suspicious portions of user prompts and model responses to help analyze AI-related security alerts, with sensitive data automatically redacted. These prompt snippets appear in the Defender portal as part of each alert’s evidence.
+
+- **[Data security for AI interactions](#enable-data-security-for-microsoft-foundry-with-microsoft-purview)**: allows Microsoft Purview to access and analyze prompts, responses, and related metadata to provide data security and compliance capabilities such as SIT classification, auditing, insider risk, communication compliance, and eDiscovery. It is a paid Purview feature and is not included in the Defender for AI Services plan.
+
+- **[AI model security](#enable-ai-model-security)**: AI model scanning gives you a clear, unified view of all your models registered in Azure Machine Learning Registries. It helps teams stay ahead of security risks by automatically checking for issues like serialization vulnerabilities, malware, and missing scans. By surfacing misconfigurations and integrating seamlessly with Defender for Cloud and developer workflows, it ensures your AI models are continuously protected and ready for production.
+
+### Enable suspicious prompt evidence
 
 With the AI services threat protection plan enabled, you can control whether alerts include suspicious segments directly from your user's prompts, or the model responses from your AI applications or agents. Enabling user prompt evidence helps you triage, classify alerts and your user's intentions.
 
@@ -59,7 +71,7 @@ If User prompt evidence is disabled, Microsoft Defender for Cloud continues anal
 
 1. Select **Continue**.
 
-## **Enable Data Security for Microsoft Foundry with Microsoft Purview**
+### Enable Data Security for Microsoft Foundry with Microsoft Purview
 
 > [!NOTE]
 > This feature requires a Microsoft Purview license, which isn't included with Microsoft Defender for Cloud's Defender for AI Services plan.
@@ -89,6 +101,7 @@ This capability helps your organization manage and monitor AI-generated data i
 
 > [!NOTE]
 > Data Security Policies for Microsoft Foundry interactions are supported only for API calls that use Microsoft Entra ID authentication with a user-context token, or for API calls that explicitly include user context. To learn more, see [Gain end-user context for Azure AI API calls](gain-end-user-context-ai.md). For all other authentication scenarios, user interactions captured in Purview show up only in Purview Audit and DSPM for AI Activity Explorer. 
+
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 
 1. Search for and select **Microsoft Defender for Cloud**.
@@ -105,7 +118,7 @@ This capability helps your organization manage and monitor AI-generated data i
 
 1. Select **Continue**.
 
-### **Troubleshooting**
+#### **Troubleshooting**
 If you don't see user interactions for Entra ID authenticated users in Microsoft Purview Activity Explorer after turning on the toggle, follow these steps to troubleshoot:
 
 Run the following commands in Azure PowerShell
@@ -127,7 +140,31 @@ Run the following commands in Azure PowerShell
     ```PowerShell
     New-AzADServicePrincipal -ApplicationId "9ec59623-ce40-4dc8-a635-ed0275b5d58a"
     ```  
-   
+
+### Enable AI model security
+
+AI model security in Defender for Cloud, provides organizations proactive protection for Machine Learning (ML) models. The service scans models for security risks, such as embedded malware, unsafe operators, and exposed secrets, before models reach production.
+
+By integrating directly with Azure Machine Learning workspaces, registries, and continuous integration and continuous delivery (CI/CD) pipelines, Ai model security provides security teams visibility into the safety and compliance status of AI models that exist in their environments.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. In the Defender for Cloud menu, select **Environment settings**.
+
+1. Select the relevant Azure subscription.
+
+1. Locate AI services and select **Settings**.
+
+1. Toggle AI model security to **On**.
+
+    :::image type="content" source="media/ai-onboarding/model-security.png" alt-text="Screenshot that shows where the toggle for AI model security is located." lightbox="media/ai-onboarding/model-security.png":::
+
+1. Select **Continue**.
+
+Learn more about [AI model security](ai-model-security.md).
+
 ## Related content
 
 - [Add user and application context to AI alerts](gain-end-user-context-ai.md)

articles/defender-for-cloud/alerts-ai-workloads.md

@@ -3,7 +3,7 @@ title: Alerts for AI services
 description: This article lists the security alerts for AI services visible in Microsoft Defender for Cloud.
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 02/22/2026
+ms.date: 03/25/2026
 ai-usage: ai-assisted
 ms.author: elkrieger
 author: Elazark
@@ -321,6 +321,14 @@ Severity: High 
 
 **Severity:** Low 
 
+### Malicious content detected in uploaded AI model
+
+(Ai.AIModelScan_MalwareDetected)
+
+**Description:** A user-uploaded machine learning model was scanned and found to contain malware. The detection indicates the file may execute malicious code if loaded, posing a threat to account integrity, data confidentiality, and the compute environment.
+
+**Severity:** High
+
 ## Next steps
 
 - [Security alerts in Microsoft Defender for Cloud](alerts-overview.md)

articles/defender-for-cloud/azure-portal-vs-defender-portal-comparison.md

@@ -3,8 +3,8 @@ title: Azure portal vs Defender portal feature comparison
 description: Compare Microsoft Defender for Cloud features and capabilities between the Azure portal and Defender portal experiences to understand the enhanced functionality available in each platform.
 author: dlanger
 ms.author: dlanger
-ms.topic: product-comparison
-ms.date: 10/16/2025
+ms.topic: article
+ms.date: 03/29/2026
 ms.service: defender-for-cloud
 ---
 
@@ -31,7 +31,7 @@ This article provides a comprehensive comparison of Microsoft Defender for Cloud
 | Feature name | Azure portal | Defender portal |
 |-------------|--------------|-----------------|
 | **Security recommendations** | Yes | Yes - Integrated into Exposure Management<br><br>**Note**: In the Defender portal, some recommendations that previously appeared as a single aggregated item now display as multiple individual recommendations. |
-| **Asset inventory** | Yes | Yes |
+| **Asset inventory** | Yes<br><br>**Note**: Only assets that have security issues detected on them are reflected. | Yes<br><br>**Note**: All discovered resources in customers' environments are reflected, even if there are no security issues detected on them. |
 | **Secure score** | Yes | Yes - New risk-based secure score |
 | **Data visualization and reporting with Azure Workbooks** | Yes | No |
 | **Data exporting** | Yes | No |

articles/defender-for-cloud/defender-cli-syntax.md

@@ -4,7 +4,7 @@ description: Discover how to scan container images for security risks using Micr
 #customer intent: As a DevOps engineer, I want to scan container images for vulnerabilities so that I can ensure the security of my deployments.
 author: Elazark
 ms.author: elkrieger
-ms.date: 11/06/2025
+ms.date: 02/12/2026
 ms.topic: concept-article
 ---
 
@@ -84,4 +84,49 @@ defender scan sbom my-image:latest
 
 ```bash
 defender scan sbom /home/src --sbom-format cyclonedx1.6-xml
+```
+
+## AI Model Scan
+
+Use the `defender scan model` command to scan AI models for security risks including malware, unsafe operators, and exposed secrets. This command supports models stored locally or in cloud registries such as Hugging Face, and common formats including Pickle (`.pkl`), ONNX (`.onnx`), TorchScript (`.pt`), TensorFlow, and SafeTensors.
+
+### Usage
+
+```bash
+defender scan model <target> [--modelscanner-Output <path>]
+```
+
+### Options
+
+| Name                         | Required | Type   | Description                                                  |
+| ---------------------------- | -------- | ------ | ------------------------------------------------------------ |
+| \<target\>                   | Yes      | String | The path to a local model file or directory, or a Hugging Face model URL (for example, `./models/my-model.pkl`, `https://huggingface.co/org/model`). |
+| \-\-modelscanner-Output      | No       | String | Output path for SARIF scan results.                          |
+
+### Supported model formats
+
+- Pickle (`.pkl`)
+- ONNX (`.onnx`)
+- TorchScript (`.pt`)
+- TensorFlow (`.tf`, `.pb`)
+- SafeTensors (`.safetensors`)
+
+### Examples
+
+#### Scan a local model
+
+```bash
+defender scan model ./models/my-model.pkl
+```
+
+#### Scan a Hugging Face model
+
+```bash
+defender scan model "https://huggingface.co/org/model-name"
+```
+
+#### Scan and export SARIF results
+
+```bash
+defender scan model ./models/my-model.onnx --modelscanner-Output results.sarif
 ```

articles/defender-for-cloud/defender-for-containers-introduction.md

@@ -76,7 +76,9 @@ Defender for Containers provides real-time threat protection for [supported cont
 
 Threat protection is provided for Kubernetes at the cluster, node, and workload levels. Both sensor-based coverage that requires the [Defender sensor](defender-for-cloud-glossary.md#defender-sensor) and agentless coverage based on analysis of the Kubernetes audit logs are used to detect threats. Security alerts are only triggered for actions and deployments that occur after you enable Defender for Containers on your subscription.
 
-Examples of security events that Microsoft Defenders for Containers monitors include:
+### Runtime detection examples
+
+Examples of security events that Microsoft Defender for Containers monitors include:
 
 - Exposed Kubernetes dashboards
 - Creation of high privileged roles
@@ -90,6 +92,31 @@ Defender for Cloud monitors the attack surface of multicloud Kubernetes deployme
 
 Defender for Cloud is [integrated with Microsoft Defender XDR](concept-integration-365.md). When Defender for Containers is enabled, security operators can use [Defender XDR to investigate and respond](/defender-xdr/investigate-respond-container-threats) to security issues in supported Kubernetes services.
 
+### Microsoft-maintained container images
+
+Defender for Containers deploys container images that are maintained and updated by Microsoft as part of the runtime protection components. These images are published to Microsoft Container Registry (MCR).
+
+Customers don't modify or patch these images directly. Microsoft maintains and updates them as part of the Defender for Containers release process.
+
+The following images are used by Defender for Containers runtime protection components:
+
+| Image | Purpose | MCR path |
+|---|---|---|
+| `security-publisher` | Publishes security findings collected from Kubernetes environments | `mcr.microsoft.com/azuredefender/stable/security-publisher` |
+| `low-level-collector` | Collects low-level runtime telemetry from Kubernetes nodes | `mcr.microsoft.com/azuredefender/stable/low-level-collector` |
+| `pod-collector` | Collects Kubernetes pod runtime data used for threat detection | `mcr.microsoft.com/azuredefender/stable/pod-collector` |
+| `anti-malware-collector` | Collects malware detection signals for container workloads | `mcr.microsoft.com/azuredefender/stable/anti-malware-collector` |
+| `old-file-cleaner` | Cleans up temporary and stale files as part of initialization workflows | `mcr.microsoft.com/azuredefender/stable/old-file-cleaner` |
+| `audit-logs-enabler` | Enables audit log collection for supported environments (for example, on-premises clusters) | `mcr.microsoft.com/azuredefender/stable/audit-logs-enabler` |
+| `defender-admission-controller` | Enforces runtime gating policies for Kubernetes workloads | `mcr.microsoft.com/mdc/prd/defender-admission-controller` |
+
+Updates are delivered through the deployment mechanism used by your environment. For example:
+
+- When deployed using the **AKS add-on**, updates are delivered through the AKS release lifecycle.
+- When deployed using **Helm**, updates are released within 30 days through updated chart versions.
+
+If you detect a vulnerability in a Microsoft-maintained Defender image, open an Azure support request and include the image name, tag, and CVE identifier.
+
 ## Learn more
 
 Learn more about Defender for Containers in the following blogs: