Improving the pipeline of Identity-related tables in Microsoft 365 Defender Advanced hunting
Microsoft 365 Defender Advanced hunting is making an improvement to the pipeline of Identity-related tables to reduce delay times in identity-related data. The change will become effective on August 27th, 2023. This change will affect the way the ReportId column is generated for IdentityLogonEvents, IdentityQueryEvents, and IdentityDirectoryEvents tables. After the rollout, events related to Defender for Identity that were streamed from Advanced hunting may show a mismatch in the ReportId value. However, no other significant changes are expected. No action is needed on the part of users to prepare for this change, except to notify them and update relevant documentation. The message ID for this change is MC670027.
You can find more information about this change on the M365 Admin site at https://m365admin.handsontek.net/improving-the-pipeline-of-identity-related-tables-in-microsoft-365-defender-advanced-hunting/.
Published on:
Learn more
Related posts
Microsoft Defender for Office 365: Enhanced multiple action experience from Threat explorer
Microsoft Defender for Office 365 has introduced enhancements to its Threat explorer feature, enabling SecOps personnel to take multiple actio...
Data Loss Prevention – Out-of-box Advanced Hunting queries for Data Loss Prevention incidents in Microsoft 365 Defender
This post provides information about how to use out-of-box advanced hunting queries for Data Loss Prevention incidents in Microsoft 365 Defend...
Microsoft Secure Score – New Microsoft Defender for Identity recommendations
In an effort to provide a more accurate representation of security posture, Microsoft is updating its Microsoft Secure Score improvement actio...
Microsoft Defender for Identity: Classic portal automatic redirection
Starting from June 30, 2023, Microsoft Defender for Identity's legacy portal will no longer be accessible. Any requests to the portal will be ...
Microsoft Defender for Office 365: 100 Admin Submission at once
Microsoft Defender for Office 365 admins can now submit up to 100 emails for analysis at once from advanced hunting, threat explorer, and user...
Updated NTLM Protocol Name for the Identity Advanced Hunting Tables
The identity tables in Microsoft 365's Advanced hunting feature will soon see the NTLM protocol name updated. The change is aimed at creating ...
Microsoft Defender for Identity: User page enhancements in Microsoft 365 Defender
Microsoft 365 Defender's user page is due for a revamp! The enhancements include structural alignment with other entity pages in Microsoft 365...
Microsoft Defender for Identity: User activity timeline in Microsoft 365 Defender
Microsoft is set to release a dedicated tab on the user page in Microsoft 365 Defender that will display a user's activity timeline, including...
Advanced Threat Hunting with Microsoft 365 Defender
In this podcast episode, Michael and Michael dive into the world of advanced threat hunting using Microsoft 365 Defender. Joining the conversa...