check before: 2025-05-01
Product:
Defender, Defender for Identity, Defender XDR, Entra
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Links:

Details:
Coming soon: We will unify the Microsoft Defender for Identity (MDI) and Microsoft Sentinel IdentityInfo tables in Advanced Hunting into a single table.
With this unification, we are adding new identity attributes from the Sentinel UEBA service while also adjusting to support third-party Identity Providers (IDPs). Some of these updates include breaking changes, which may require you to update your existing queries.
When this will happen:
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early May 2025 and expect to complete by late May 2025.
Release Phase:
Created:
2025-04-10
updated:
2025-04-10
summary for non-techies**
Microsoft is updating its Defender XDR services by merging two identity information tables into a single unified table, adding new identity attributes, and enhancing support for third-party identity providers like Okta, which may require adjustments to existing queries and systems.
Direct effects for Operations**
Breaking Changes in IdentityInfo Table
Existing queries referencing the IdentityInfo table may break, leading to potential data retrieval issues and incorrect insights.
- roles: Security Analysts, Data Engineers
- references: https://learn.microsoft.com/defender-xdr/advanced-hunting-identityinfo-table
Integration with Third-Party IDPs
Changes to accommodate third-party identity providers may disrupt current workflows and integrations, causing delays in identity verification processes.
- roles: IT Administrators, Security Analysts
- references: https://learn.microsoft.com/defender-xdr/advanced-hunting-identityinfo-table
New Identity Attributes
Introduction of new identity attributes may require significant adjustments in existing security workflows, leading to potential oversight in security monitoring.
- roles: Security Analysts, Compliance Officers
- references: https://learn.microsoft.com/defender-xdr/advanced-hunting-identityinfo-table
Impact on Custom Alerts and Automations
Custom alert rules and automations that rely on the IdentityInfo table may fail, resulting in missed security alerts and increased risk exposure.
- roles: Security Engineers, IT Administrators
- references: https://learn.microsoft.com/defender-xdr/advanced-hunting-identityinfo-table
Documentation Updates Required
Internal documentation may become outdated, leading to confusion and miscommunication among team members regarding the new schema and its implications.
- roles: Documentation Specialists, IT Administrators
- references: https://learn.microsoft.com/defender-xdr/advanced-hunting-identityinfo-table
** AI generated content. This information must be reviewed before use.
Last updated 1 week ago