MC1019307 – Microsoft Defender XDR services: New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting (archived)

check before: 2025-03-01

Product:

Defender, Defender XDR

Platform:

Online, US Instances, World tenant

Status:

Change type:

Feature update, Admin impact

Links:

Details:

Summary:
New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting in March 2025, potentially increasing activity and alerts. Review and adjust custom detections as needed. More information is available [here](https://learn.microsoft.com/defender-xdr/custom-detection-rules).

Details:
New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.

When this will happen:
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in early March 2025 and expect to complete by mid-March 2025.

Release Phase:

Created:
2025-02-28

updated:
2025-03-05

summary for non-techies**

Microsoft Defender XDR will introduce new LDAP query events to the IdentityQueryEvents table in Advanced Hunting starting March 2025, enhancing visibility into LDAP search queries and potentially increasing alerts, with no installation required but a recommendation to review custom detection rules.

Direct effects for Operations**

Increased Alert Volume
The addition of new LDAP query events may lead to a significant increase in alerts, potentially overwhelming the security operations team and causing delays in response times to genuine threats.
   - roles: Security Analyst, IT Administrator
   - references: https://learn.microsoft.com/defender-xdr/custom-detection-rules

Need for Custom Detection Review
Existing custom detections may not align with the new LDAP query events, leading to missed alerts or false positives if not reviewed and adjusted accordingly.
   - roles: Security Analyst, Compliance Officer
   - references: https://learn.microsoft.com/defender-xdr/custom-detection-rules

** AI generated content. This information must be reviewed before use.

change history

| Date | Property | old | new |
|---|---|---|---|
| 2025-03-05 | MC End Time | 04/14/2025 09:00:00 | 2025-04-28T09:00:00Z |
| 2025-03-05 | MC Last Updated | 02/28/2025 02:27:41 | 2025-03-04T19:27:19Z |
