check before: 2025-09-01
Product:
Defender, Defender for Identity, Defender XDR
Platform:
Online, World tenant
Status:
Change type:
Feature update, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Defender for Identity will update several detections from late September to mid-October 2025 to reduce false positives and improve accuracy, lowering alert noise without requiring configuration changes. Admins should review alert volumes post-rollout and inform their security teams accordingly.
Details:
Introduction:
The Microsoft Defender for Identity team is rolling out improvements to several detections based on customer feedback and internal analysis. These updates are designed to reduce alert noise and improve detection accuracy, helping security teams focus on the most actionable threats. An active Microsoft Defender for Identity (MDI) license is required to benefit from these improvements.
When this will happen:
These improvements will begin rolling out gradually starting in late September 2025 and will complete by mid-October 2025.
Release Phase:
Created:
2025-09-12
updated:
2025-09-12
Direct effects for Operations**
False Positives Reduction
If the changes are implemented without preparation, admins may misinterpret the reduced alert volume as a decrease in security threats, potentially leading to complacency in monitoring and response efforts.
- roles: Security Admin, IT Manager
- references: https://learn.microsoft.com/defender-for-identity/alerts-overview
Alert Management
The reduction in alert noise may lead to a lack of awareness about critical threats that still exist, as users may not be adequately informed about the changes in alert behavior, impacting their response strategies.
- roles: Security Analyst, Incident Response Team
- references: https://learn.microsoft.com/defender-for-identity/alerts-overview
** AI generated content. This information must be reviewed before use.