Upcoming changes to Defender for Identity activities and alerts in Defender for Cloud Apps experiences

Microsoft has announced upcoming changes to Defender for Identity activities and alerts in Defender for Cloud Apps experiences. The move is part of the convergence of both Microsoft Defender for Identity and Microsoft Defender for Cloud Apps into Microsoft Defender XDR services. The retirement of Defender for Identity's Active Directory and alerts data from Defender for Cloud Apps dedicated experiences will begin rolling out in late January 2025 and is expected to complete in early March 2025. All affected data and functionality will remain available through Microsoft Defender XDR unified experiences following this change. However, Active Directory activities coming from Defender for Identity will no longer be available in Defender for Cloud Apps activity logs, and Defender for Cloud Apps activity policies will no longer trigger based on Active Directory data. New Active Directory activities, as well as Defender for Identity's alerts data, will no longer be available through Defender for Cloud Apps Activities API, Alerts API, or dedicated SIEM agents. Instead, all activities and alerts data will be available through Defender XDR Streaming API and Event Hubs. The identities page under 'Assets' in the XDR portal will be updated to better support the new experiences. To ensure a smooth transition, users are encouraged to create new custom detections.

Overall, the changes aim to move away from legacy experiences and enhance the unified experiences in Microsoft Defender XDR services.

The post Upcoming changes to Defender for Identity activities and alerts in Defender for Cloud Apps experiences appeared first on M365 Admin.