You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/anti-malware.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -114,7 +114,7 @@ Based on the alerts, you receive and review, you might need to adjust the rules
114
114
115
115
Effective anti-malware detection relies on your active role in configuring, monitoring, and adjusting policies for your environment.
116
116
117
-
You can arrange rules by priority by selecting the up or down arrow. The rule with the highest priority (the lowest number) runs first. If a rule matches, the rule action runs and the evaluation ends. If no rule matches, the system evaluates the next rule. If no rule matches, the system applies the default rules.
117
+
You can arrange rules by priority by selecting the up or down arrow. The rule with the highest priority (the lowest number) runs first. If a rule matches, the rule action runs and the evaluation ends. If no match, the system evaluates the next rule. If no rule matches, the system applies the default rules.
118
118
119
119
You can manage each rule by using the toolbar controls.
# Prepare for Key Vault API version 2026-02-01: Azure RBAC as default access control
17
17
18
-
> [!WARNING]
19
-
> Starting February 2026, Azure Key Vault API version 2026-02-01 establishes Azure RBAC as the default access control model. All API versions before 2026-02-01 retire on February 27, 2027.
18
+
> [!IMPORTANT]
19
+
> Starting February 2026, Azure Key Vault API version 2026-02-01 changes the default for **new vaults** to Azure RBAC. Existing vaults are unaffected. All API versions before 2026-02-01 retire on February 27, 2027. **Access policies remain fully supported.**
20
20
>
21
-
> This change breaks compatibility. Before February 27, 2027, you **must either**:
22
-
> -**Azure RBAC (recommended)**: [Set new and existing vaults to Azure RBAC](#step-4-migrate-to-azure-rbac-recommended)and adopt API version 2026-02-01 or later.
23
-
> -**Access policies (legacy)**: [Set new vaults to use access policies](#step-5-continue-using-access-policies) and adopt API version 2026-02-01 or later.
21
+
> Before February 27, 2027, adopt API version 2026-02-01 or later:
22
+
> -**Azure RBAC (recommended)**: [Migrate to Azure RBAC](#step-4-migrate-to-azure-rbac-recommended)for improved security.
23
+
> -**Access policies (legacy)**: [Continue using access policies](#step-5-use-access-policies-for-new-vaults) by setting `enableRbacAuthorization` to `false` when creating new vaults.
24
24
>
25
25
> **Azure Cloud Shell users**: Cloud Shell always uses the latest API version, so you'll automatically start using API version 2026-02-01 as soon as it releases. Follow the steps in this article before the release of API version 2026-02-01 to avoid disruption.
26
26
27
-
Azure Key Vault is implementing an important security enhancement in API version 2026-02-01, releasing in February 2026. To help protect your key vaults and reduce security risks, **the new Key Vault API version establishes Azure RBAC as the default access control model**, consistent with the Azure portal experience.
27
+
Azure Key Vault API version 2026-02-01, releasing in February 2026, changes the default access control model for new vaults to Azure RBAC, consistent with the Azure portal experience. Both Azure RBAC and access policies remain fully supported options.
28
28
29
29
The ramifications of this change are as follows:
30
30
@@ -175,18 +175,18 @@ If your key vaults already use Azure RBAC as their access control model, update
175
175
If your key vaults use access policies (`enableRbacAuthorization` = `false`), decide if you want to migrate to role-based access (recommended) or continue using access policies. For more information on access control models, see [Use Azure RBAC for managing access to Key Vault](rbac-guide.md) and [Azure Key Vault best practices](secure-key-vault.md).
176
176
177
177
**Choose your path:**
178
-
-**Recommended**: Go to [Step 4: Migrate to Azure RBAC](#step-4-migrate-to-azure-rbac-recommended)
179
-
-**Legacy**: Go to [Step 5: Continue using access policies](#step-5-continue-using-access-policies)
178
+
-**Azure RBAC (recommended)**: Go to [Step 4: Migrate to Azure RBAC](#step-4-migrate-to-azure-rbac-recommended)
179
+
-**Access policies (legacy)**: Go to [Step 5: Use access policies for new vaults](#step-5-use-access-policies-for-new-vaults)
180
180
181
181
## Step 4: Migrate to Azure RBAC (recommended)
182
182
183
183
Use this opportunity to increase your security posture by migrating from vault access policy to Azure RBAC for managing access. For detailed migration guidance, see [Migrate from vault access policy to an Azure role-based access control permission model](rbac-migration.md).
184
184
185
185
Update all Key Vault ARM, BICEP, Terraform templates, and REST API calls to use API version 2026-02-01 or later.
186
186
187
-
## Step 5: Continue using access policies
187
+
## Step 5: Use access policies for new vaults
188
188
189
-
To continue using access policies, follow the instructions in this section.
189
+
Access policies remain a fully supported access control model. To continue using access policies for new vaults, follow the instructions in this section.
190
190
191
191
Choose one of the following methods based on your scenario:
![learn-build-service-prod[bot]](https://avatars.githubusercontent.com/in/237442?v=4&size=40){kind=avatar}
0 commit comments