check before: 2024-06-01
Product:
Defender, Defender for Cloud Apps
Platform:
World tenant, Online
Status:
Change type:
Admin impact, Retirement, Updated message, User impact
Links:
Details:
Summary:
The "Investigation priority score increase" policy in Microsoft Defender for Cloud Apps will be retired between June and September 2024 due to high false positives and limited value. Administrators should use the Advanced Hunting query as an alternative.
Details:
Updated August 15, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.
After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations.
[When this will happen:]
We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late September 2024 (previously late July).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-04-23
updated:
2024-08-16
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Direct effects for Operations**
Loss of Alert Functionality
Retirement of the 'Investigation priority score increase' policy will lead to the loss of alert functionality, potentially increasing the risk of undetected security incidents.
- impacted roles: SOC Administrators, Security Analysts
- references: https://aka.ms/investigation-priority-score-doc
Increased Workload for Security Teams
With the removal of the policy, SOC teams may face an increased workload as they will need to rely on Advanced Hunting queries, which require more time and expertise.
- impacted roles: SOC Administrators, Security Analysts
- references: https://aka.ms/investigation-priority-score-doc
Potential for Increased False Negatives
The absence of the 'Investigation priority score increase' alerts may lead to a higher chance of false negatives, where real threats go unnoticed.
- impacted roles: SOC Administrators, Security Analysts
- references: https://aka.ms/investigation-priority-score-doc
User Experience Degradation
Users may experience a degradation in security monitoring, leading to potential security breaches that could affect their data and operations.
- impacted roles: End Users, IT Support Staff
- references: https://aka.ms/investigation-priority-score-doc
Training and Adaptation Needs
The change necessitates additional training for SOC teams to effectively use Advanced Hunting queries, which may disrupt current workflows.
- impacted roles: SOC Administrators, Security Analysts
- references: https://aka.ms/investigation-priority-score-doc
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
Date | Property | old | new |
2024-08-16 | MC Last Updated | 06/19/2024 20:33:15 | 2024-08-16T01:40:45Z |
2024-08-16 | MC Messages | Updated June 19, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024. After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations. [When this will happen:] We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late July 2024. | Updated August 15, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024. After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations. [When this will happen:] We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late September 2024 (previously late July). |
2024-08-16 | MC End Time | 09/02/2024 09:00:00 | 2024-11-11T08:00:00Z |
2024-08-16 | MC Summary | The "Investigation priority score increase" policy in Microsoft Defender for Cloud Apps will be retired between June and July 2024 due to high false positives and limited value. Administrators should use the Advanced Hunting query as an alternative. | The "Investigation priority score increase" policy in Microsoft Defender for Cloud Apps will be retired between June and September 2024 due to high false positives and limited value. Administrators should use the Advanced Hunting query as an alternative. |
2024-06-20 | MC Messages | We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.
After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations. [When this will happen:] We will begin rolling this out in early June 2024 and expect to complete by late July 2024. | Updated June 19, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024. After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations. [When this will happen:] We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late July 2024. |
2024-06-20 | MC Title | "Investigation priority score increase" Policy to be retired | (Updated) "Investigation priority score increase" Policy to be retired |
2024-06-20 | MC Last Updated | 04/22/2024 23:54:02 | 2024-06-19T20:33:15Z |
2024-06-20 | MC MessageTagNames | User impact, Admin impact, Retirement | Updated message, User impact, Admin impact, Retirement |
Last updated 2 weeks ago