MC783216 – (Updated) “Investigation priority score increase” Policy to be retired (archived)

check before: 2024-06-01

Product:

Defender, Defender for Cloud Apps

Platform:

World tenant, Online

Status:

Change type:

Admin impact, Retirement, Updated message, User impact

Links:

Details:

Summary:
The "Investigation priority score increase" policy in Microsoft Defender for Cloud Apps will be retired between June and September 2024 due to high false positives and limited value. Administrators should use the Advanced Hunting query as an alternative.

Details:
Updated August 15, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.

After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations.
[When this will happen:]
We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late September 2024 (previously late July).

Created:
2024-04-23

updated:
2024-08-16

Direct effects for Operations**

Loss of Alert Functionality
Retirement of the 'Investigation priority score increase' policy will lead to the loss of alert functionality, potentially increasing the risk of undetected security incidents.
  - impacted roles: SOC Administrators, Security Analysts
  - references: https://aka.ms/investigation-priority-score-doc

Increased Workload for Security Teams
With the removal of the policy, SOC teams may face an increased workload as they will need to rely on Advanced Hunting queries, which require more time and expertise.
  - impacted roles: SOC Administrators, Security Analysts
  - references: https://aka.ms/investigation-priority-score-doc

Potential for Increased False Negatives
The absence of the 'Investigation priority score increase' alerts may lead to a higher chance of false negatives, where real threats go unnoticed.
  - impacted roles: SOC Administrators, Security Analysts
  - references: https://aka.ms/investigation-priority-score-doc

User Experience Degradation
Users may experience a degradation in security monitoring, leading to potential security breaches that could affect their data and operations.
  - impacted roles: End Users, IT Support Staff
  - references: https://aka.ms/investigation-priority-score-doc

Training and Adaptation Needs
The change necessitates additional training for SOC teams to effectively use Advanced Hunting queries, which may disrupt current workflows.
  - impacted roles: SOC Administrators, Security Analysts
  - references: https://aka.ms/investigation-priority-score-doc

** AI generated content. This information must be reviewed before use.

change history

2024-08-16, MC Last Updated
  - old: 06/19/2024 20:33:15
  - new: 2024-08-16T01:40:45Z

2024-08-16, MC Messages
  - old:
Updated June 19, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.

After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations.
[When this will happen:]
We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late July 2024.
  - new:
Updated August 15, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.

After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations.
[When this will happen:]
We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late September 2024 (previously late July).

2024-08-16, MC End Time
  - old: 09/02/2024 09:00:00
  - new: 2024-11-11T08:00:00Z

2024-08-16, MC Summary
  - old: The "Investigation priority score increase" policy in Microsoft Defender for Cloud Apps will be retired between June and July 2024 due to high false positives and limited value. Administrators should use the Advanced Hunting query as an alternative.
  - new: The "Investigation priority score increase" policy in Microsoft Defender for Cloud Apps will be retired between June and September 2024 due to high false positives and limited value. Administrators should use the Advanced Hunting query as an alternative.

2024-06-20, MC Messages
  - old:
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.

After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations.
[When this will happen:]
We will begin rolling this out in early June 2024 and expect to complete by late July 2024.
  - new:
Updated June 19, 2024: We have updated the rollout timeline below. Thank you for your patience.
We will be gradually retiring the "Investigation priority score increase" policy support from Microsoft Defender for Cloud Apps between June and July 2024.

After careful analysis and consideration, we have decided to deprecate it due to the high rate of false positives associated with this alert, which we found was not contributing effectively to the overall security of your organization. Our research indicated that this feature was not adding significant value and was not aligned with our strategic focus on delivering high-quality, reliable security solutions. We are committed to continuously improving our services and ensuring that they meet your needs and expectations.
[When this will happen:]
We will begin rolling this out in late June 2024 (previously early June) and expect to complete by late July 2024.

2024-06-20, MC Title
  - old: "Investigation priority score increase" Policy to be retired
  - new: (Updated) "Investigation priority score increase" Policy to be retired

2024-06-20, MC Last Updated
  - old: 04/22/2024 23:54:02
  - new: 2024-06-19T20:33:15Z

2024-06-20, MC MessageTagNames
  - old: User impact, Admin impact, Retirement
  - new: Updated message, User impact, Admin impact, Retirement
