check before: 2025-08-01
Product:
Defender, Defender XDR, Entra, Microsoft Graph, Purview, Purview Communication Compliance, Purview Insider Risk Management, Stream
Platform:
Developer, Online, World tenant
Status:
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Defender XDR will support the Streaming API for the DataSecurityEvents and DataSecurityBehaviors tables starting in late August 2025, enabling real-time delivery of insider risk alert data via event hubs. This push-based feature is off by default, requires setup, and allows integration with external platforms while offering admin control through Entra ID.
Details:
As part of the integration between Microsoft Purview Insider Risk Management and Microsoft Defender XDR, we're enabling Streaming API support for two Advanced Hunting tables: DataSecurityEvents and DataSecurityBehaviors. These tables contain insider risk alert data, and this enhancement allows organizations to receive data in real time via event hubs. We invite your organization to explore this feature and share feedback.
When this will happen:
Public Preview: Rollout will begin in late August 2025 and is expected to complete by mid-September 2025.
Release Phase:
Created:
2025-08-19
Updated:
2025-08-19
Direct effects for Operations**
Data Processing Changes
Real-time streaming of insider risk alert data may lead to unexpected data processing issues if not properly configured, potentially causing delays in data availability or loss of critical alerts.
- roles: Security Operations Team, Data Analysts
- references: https://learn.microsoft.com/en-us/defender-endpoint/api/raw-data-export
Integration Challenges
Without proper preparation, integration with external platforms may fail, leading to gaps in security monitoring and delayed incident response.
- roles: IT Administrators, Security Engineers
- references: https://learn.microsoft.com/en-us/defender-endpoint/api/raw-data-export
** AI generated content. This information must be reviewed before use.