Today, AWS announces the general availability of AWS Service Quotas integration with AWS Step Functions, enabling customers to monitor and manage their Step Functions quotas directly from the Service Quotas console. AWS Service Quotas is a service that helps you view and manage your AWS service quotas from a central location. AWS Step Functions is a visual workflow service that helps customers orchestrate AWS services, automate business processes, and build serverless applications. This integration improves service quota visibility and management for AWS Step Functions users.
With this launch, you can now view your AWS Step Functions account-level quota values through the Service Quotas console and monitor quota utilization through Amazon CloudWatch metrics. This enhanced visibility is particularly valuable for customers running high-volume workflow operations at scale, helping them proactively monitor resource usage and avoid potential service disruptions. Additionally, you can now request quota increases directly from the Service Quotas console. For eligible requests, quota changes are automatically updated without manual intervention, streamlining the quota management process.
Service Quotas console integration for AWS Step Functions is available in all commercial AWS Regions and the AWS GovCloud (US) Regions where AWS Step Functions is available.
To learn more about managing AWS Step Functions quotas, visit the AWS Step Functions documentation. You can access this feature through the Service Quotas console or through the CLI.
AWS Transfer Family now supports four new service-specific condition keys for Identity and Access Management (IAM). With this feature, administrators can create more granular IAM policies and service control policies (SCPs) to restrict configurations for Transfer Family resources, enhancing security controls and compliance management.
IAM condition keys allow you to author policies that enforce access control based on API request context. With these new condition keys, you can now author policies based on Transfer Family context to control which protocols, endpoint types, and storage domains can be configured through policy conditions. For example, you can use transfer:RequestServerEndpointType to prevent the creation of public servers, or transfer:RequestServerProtocols to ensure only SFTP servers can be created, enabling you to define additional permission guardrails for Transfer Family actions.
The new IAM condition keys are available in all AWS Regions where AWS Transfer Family is available. To learn more, visit the IAM Service Authorization Reference and Transfer Family User Guide. To learn more about how to manage permissions within your organization through SCPs, visit the AWS Organizations User Guide.
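The two guardrails named above, written as a service control policy. This is an added example, not taken from the announcement or from AWS documentation. It assumes the `EndpointType` and `Protocols` values of the Transfer Family `CreateServer` API (`VPC`, `SFTP`) and assumes `transfer:RequestServerProtocols` is a multivalued key. The first statement denies any request whose endpoint type is not `VPC`, so a request that omits the endpoint type is also denied. The second denies a request if any protocol it asks for is not `SFTP`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyTransferServersOutsideVpc",
      "Effect": "Deny",
      "Action": "transfer:CreateServer",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "transfer:RequestServerEndpointType": "VPC"
        }
      }
    },
    {
      "Sid": "DenyNonSftpProtocols",
      "Effect": "Deny",
      "Action": "transfer:CreateServer",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringNotEquals": {
          "transfer:RequestServerProtocols": "SFTP"
        }
      }
    }
  ]
}
```

Before relying on this, confirm in the Service Authorization Reference which actions populate each key: a server created under these rules could still be changed later if an update action is not covered by an equivalent statement.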
AWS B2B Data Interchange introduces new transformation status reporting in the AWS Console, enabling you to monitor and troubleshoot the processing of your Electronic Data Interchange (EDI) files in a single, simple user interface.
AWS B2B Data Interchange automates validation, transformation, and generation of EDI files such as ANSI X12 documents to and from JSON and XML data formats. With this launch, you can now track and review the status of the most recently performed EDI transformations directly in the AWS Console. For each partnership, AWS B2B Data Interchange now automatically presents information about the transformation status, timelines, and validation results for up to 10,000 most recently processed input-output pairs. This information enables you to easily track the status of your EDI exchanges with trading partners and troubleshoot issues, all in a single interface without needing to manually review log entries.
Support for transformation status reporting is available in all AWS Regions where the AWS B2B Data Interchange service is available. To get started with monitoring your EDI transformations, visit the AWS B2B Data Interchange user guide or take our self-paced workshop.
AWS Transform now offers Terraform as an additional option to generate network infrastructure code automatically from VMware environments. The service converts your source network definitions into reusable Terraform modules, complementing current AWS CloudFormation and AWS Cloud Development Kit (CDK) support.
AWS Transform for VMware is an agentic AI service that automates the discovery, planning, and migration of VMware workloads, accelerating infrastructure modernization with increased speed and confidence. These migrations require recreating network configurations while maintaining operational consistency. The service now generates Terraform modules alongside CDK and AWS CloudFormation templates. This addition enables organizations to maintain existing deployment pipelines while using preferred tools for modular, customizable network configurations.
The Terraform module generation capability is available in all AWS Regions where the service is offered.
To learn more, visit the AWS Transform for VMware product page, read the user guide, or get started in the AWS Transform web experience.
AWS Storage Gateway now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. With this feature, administrators can attach endpoint policies to VPC endpoints, allowing granular access control over Storage Gateway direct APIs for improved data protection and security posture.
AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use AWS Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low latency access to data in the cloud.
AWS Storage Gateway support for VPC endpoint policies is available in all AWS Regions where Storage Gateway is available. To learn more, visit our documentation.
Starting today, customers can use boot and data volumes backed by Dell PowerStore and HPE Alletra Storage MP B10000 storage arrays with Amazon Elastic Compute Cloud (Amazon EC2) instances on AWS Outposts, including authenticated and encrypted volumes. This enhancement extends our existing support for boot and data volumes to include Dell and HPE storage arrays, alongside our current support for NetApp® on-premises enterprise storage arrays and Pure Storage® FlashArray™. Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises or edge location for a truly consistent hybrid experience.
With Outposts, customers can maximize the value of their on-premises storage investments by leveraging their existing enterprise storage arrays for both boot and data volumes, complementing managed Amazon EBS and Local Instance Store options. This provides significant operational benefits, including streamlined operating system (OS) management via centralized boot volumes and advanced data management features through high-performance data volumes. By integrating their own storage, organizations can also satisfy data residency requirements and benefit from a consistent cloud operational model for their hybrid environments.
To simplify the process, AWS offers automation scripts through AWS Samples to help customers easily set up and use external block volumes with EC2 instances on Outposts. Customers can use the AWS Management Console or CLI to utilize third-party block volumes with EC2 instances on Outposts.
Third-party storage integration for Outposts with all compatible storage vendors is available on Outposts 2U servers and Outposts racks at no additional charge in all AWS Regions where Outposts is supported. See the FAQs for Outposts servers and Outposts racks for the latest list of supported Regions.
To learn more about implementation details and best practices, check out this blog post or visit our technical documentation for Outposts servers, second-generation Outposts racks, and first-generation Outposts racks.
AWS Transfer Family now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. With this feature, administrators can attach an endpoint policy to an interface VPC endpoint, allowing granular access control over Transfer Family APIs for improved data protection and security posture. Additionally, Transfer Family now supports Federal Information Processing Standards (FIPS) 140-3 enabled VPC endpoints.
Previously, customers had full access to Transfer Family APIs through an interface VPC endpoint, powered by AWS PrivateLink. With this launch, you can now manage which Transfer Family API actions (CreateServer, StartServer, DeleteServer, etc) can be performed, which principals can perform them, and which resources they can act upon. These policies work with existing IAM user and role policies and organizational service control policies.
VPC endpoint policy support is available in all AWS Regions where the service is available. To learn more, visit the Transfer Family User Guide.
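An endpoint policy that uses all three controls described above (actions, principals, resources), as an added example that is not from the announcement. The account ID `111122223333`, the Region, and the role name `TransferOpsExample` are placeholders. Any principal may list and describe servers through the endpoint, only the named role may create, start, or stop them, and `DeleteServer` is not allowed through this endpoint at all because no statement permits it.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyForAnyPrincipal",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "transfer:ListServers",
        "transfer:DescribeServer"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CreateServerForOpsRoleOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "transfer:CreateServer",
      "Resource": "*",
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/TransferOpsExample"
        }
      }
    },
    {
      "Sid": "StartStopForOpsRoleOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "transfer:StartServer",
        "transfer:StopServer"
      ],
      "Resource": "arn:aws:transfer:us-east-1:111122223333:server/*",
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/TransferOpsExample"
        }
      }
    }
  ]
}
```

The endpoint policy only filters what can pass through the endpoint. The caller's IAM policies and any SCPs must still allow the action.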
Empowering defenders in the era of agentic AI with Microsoft Sentinel
Microsoft introduces a new wave of security innovation, delivering an agentic platform to protect organizations at scale
By: Vasu Jakkal, Corporate Vice President, Microsoft Security.
We are at an inflection point in how organizations work and defend themselves. Across every industry, "Frontier Firms" have begun to emerge; these are businesses where humans and AI agents collaborate in real time to solve problems, innovate, and build resilient organizations.
For security teams, this shift brings new opportunities and challenges. The complexity and speed of modern cyberthreats demand solutions that go beyond traditional tools. To address these needs, Microsoft is introducing new agentic security capabilities to empower defenders to innovate boldly and securely in this new era of AI.
Microsoft Sentinel: the security platform for the agentic era
Defenders need to protect AI end to end, and for that they need a platform that brings together data, context, automation, and intelligent agents, enabling them to defend and adapt at the speed of AI. That platform is Microsoft Sentinel.
Sentinel began as a cloud-native security information and event management (SIEM) solution and expanded in July to also include a unified security data lake. Today, it expands into an agentic platform with the general availability of the Sentinel data lake and the public preview of Sentinel graph and the Sentinel Model Context Protocol (MCP) server. With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and power AI agents built in Security Copilot, in VS Code using GitHub Copilot, or on other developer platforms.
Sentinel ingests signals, whether structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships. By integrating this information with Microsoft Defender and Microsoft Purview, Sentinel brings graph-based context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response, all within familiar workflows.
With Microsoft Security and the Sentinel data lake, we have unified silos, scaled operations, automated processes, and expanded coverage, transforming how we detect patterns and prepare for the future with a unified, agile security posture.
—Bernard Knaapen, Director of Product, Monitoring and Incident Response, ABN AMRO
Sentinel also organizes and enriches your security data, preparing it so that AI agents can detect issues faster, investigate with more clarity, and respond automatically when needed. And Sentinel's graph-based approach lets Security Copilot agents reason over your environment with precision and speed, thanks to the built-in MCP server, which uses open standards to make it easier for agents to access data and take action. For advanced teams, the Sentinel MCP server enables extensibility of prebuilt and custom agents, allowing AI-driven reasoning over unified data. This shifts security from reactive to predictive, helping teams anticipate threats and automate response at scale.
This diagram illustrates the architecture and integration of the Microsoft security ecosystem across multicloud and multiplatform environments.
Sentinel is an industry-leading SIEM and the scalable backbone that defenders need in the era of AI. Together, Sentinel and Security Copilot give security teams the visibility, automation, and scale they need to stay ahead of cyberthreats.
Security Copilot: Build your own agents, no code required
Security Copilot was built to help security teams take on their toughest challenges: endless alerts, siloed tools, and constant pressure to do more with less. But no one understands your environment and your unique needs the way you do. Now you can build your own Security Copilot agents. The Security Copilot portal includes a no-code agent builder that lets you describe what you need in natural language and create, optimize, and publish agents tailored to your workflows in minutes.
You can also build agents in a coding platform enabled for the Sentinel MCP server, such as VS Code, using GitHub Copilot. Once an agent is created, you can refine and deploy it to your Security Copilot workspace while keeping the process inside your familiar development platform.
Security Copilot agents are designed to fit into everyday tools and workflows, whether they are embedded in the Microsoft security products you already use, built by partners, or customized for your environment. Since the launch of Security Copilot agents in March 2025, we have delivered more than a dozen agents for scenarios such as phishing triage and conditional access optimization. We continue to add embedded agents such as the Access Review Agent in Microsoft Entra. Security Copilot agents built by Microsoft and by partners are available to discover, buy, and deploy in Security Store today.
Building on Sentinel's graph-based context, Security Copilot agents can now reason more effectively across your entire environment by correlating alerts, enriching context with relationships, prioritizing by impact, and automating common actions. This means fewer false positives, faster triage, and a lower mean time to resolution (MTTR). Work shifts from manual triage to agent-led workflows: agents orchestrate and automate routine tasks, while analysts review and approve the results and focus their time on strategic decisions and proactive threat hunting.
As organizations adopt AI, Microsoft continues to invest in tools that help security teams protect and govern their AI platforms, apps, and agents across the enterprise.
In recent months, we have expanded our security capabilities for AI, including Entra Agent ID to help discover and manage your agent estate, controls to prevent data oversharing in custom AI apps and agents, risk discovery tools for AI model providers and MCP servers, and advanced detection for prompt injection attacks.
At Microsoft Build 2025, we announced new enhancements in Azure AI Foundry that provide more protection for AI agents throughout their lifecycle. These will be available soon and include:
Task adherence control for agents to help keep agents aligned with their tasks in real time
Personally identifiable information (PII) guardrail
Spotlighting capability in Prompt Shields to improve protection against cross-prompt injection attacks
Together, these innovations help you protect and govern your AI apps and agents across Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry, helping you build on the trusted tools your teams already use and giving you more protections built natively for your Microsoft AI platforms.
We have entered a new era: security is adaptive, intelligent, and acts at the speed of thought. The advances announced today are the building blocks of a new generation of defense.
I firmly believe that security is a team sport. That team includes all of us: innovating together, learning together, and defending together.
Together, we are not just imagining the future. We are securing it.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
AWS Firewall Manager announces that it is now available in AWS Asia Pacific (Taipei) Region. AWS Firewall Manager helps cloud security administrators and site reliability engineers protect applications while reducing the operational overhead of manually configuring and managing rules.
Working with AWS Firewall Manager, customers can provide defense in depth policies to address the full range of AWS security services for customers hosting their applications and workloads in AWS Taipei. Customers wishing to establish secured assets using AWS WAF can create and maintain security policies with AWS Firewall Manager.
To learn more about how AWS Firewall Manager works, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.
You can now deploy AWS IAM Identity Center in 36 AWS Regions, including Asia Pacific (Bangkok) and Mexico Central (Querétaro).
IAM Identity Center is the recommended service for managing workforce access to AWS applications. It enables you to connect your existing source of workforce identities to AWS once and offer your users a single sign-on experience across AWS. It powers the personalized experiences offered by AWS applications, such as Amazon Q, and the ability to define and audit user-aware access to data in AWS services, such as Amazon Redshift. It can also help you manage access to multiple AWS accounts from a central place. IAM Identity Center is available at no additional cost in these AWS Regions.
To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center User Guide.