check before: 2025-12-15
Product:
Defender, Defender for Identity, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Links:
Details:
Summary:
Microsoft Defender for Identity classic alerts will transition to the XDR detection platform starting mid-December 2025, improving detection accuracy. Admins must update workflows, use new Detector IDs, and reconfigure alert exclusions with XDR Alert Tuning rules. The rollout completes by early January 2026.
Details:
[Introduction]
Microsoft Defender for Identity classic alerts will transition to the XDR detection platform in mid-December 2025. This change improves detection accuracy and performance and aligns with our efforts to enhance security across environments.
[When this will happen:]
General availability (Production, GCC, and DoD): Rollout will begin in mid-December 2025 and is expected to complete early January.
Change Category:
Scope:
Release Phase:
Created:
2025-11-18
updated:
2025-11-18
Direct effects for Operations**
Workflow Disruption
Admins may face disruptions in their alert management workflows due to the transition to new Detector IDs, leading to potential delays in incident response.
- roles: Security Admin, IT Operations Manager
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-defender-for-identity-alerts-transitioning-to-xdr/ba-p/3751230
Increased False Positives
Without proper reconfiguration of alert exclusions, there may be an increase in false positives, causing unnecessary alerts and potential alert fatigue among security teams.
- roles: Security Analyst, Incident Response Team
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-defender-for-identity-alerts-transitioning-to-xdr/ba-p/3751230
User Experience Degradation
End users may experience delays in response to security incidents if alerts are not properly managed, leading to potential security vulnerabilities.
- roles: End User, Help Desk Support
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-defender-for-identity-alerts-transitioning-to-xdr/ba-p/3751230
Opportunities**
Enhanced Alert Management Workflow
Transitioning to the XDR detection platform allows for improved alert management workflows. By utilizing the new Detector IDs and XDR Alert Tuning rules, organizations can streamline their incident response processes and reduce the time spent on false positives.
- next-steps: Conduct a workshop with security and operations teams to map out current workflows and identify areas for improvement with the new XDR features. Update documentation and training materials accordingly.
- roles: Security Administrators, IT Operations Managers, Incident Response Teams
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-defender-for-identity-alerts-transitioning-to-xdr/ba-p/3753923
Improved Detection Accuracy and Performance
The shift to the XDR platform enhances detection capabilities, allowing for more precise identification of threats. This improvement can lead to faster incident resolution and reduced impact on the organization.
- next-steps: Review and analyze the performance metrics of the current alert system versus expected improvements with XDR. Set benchmarks for detection accuracy and performance post-transition.
- roles: CISO, Security Analysts, IT Managers
- references: https://www.microsoft.com/en-us/security/blog/2023/01/10/microsoft-defender-for-identity-new-xdr-detection-capabilities/
Training and Knowledge Transfer for Security Teams
With the introduction of new Detector IDs and alert tuning rules, there is an opportunity to enhance the skills and knowledge of security teams through targeted training sessions. This will ensure that teams are well-prepared to utilize the new platform effectively.
- next-steps: Develop a training program that includes hands-on workshops, documentation review, and Q&A sessions focused on the XDR platform and its functionalities. Schedule regular training updates as new features are released.
- roles: Security Team Leaders, Training Coordinators, HR for Learning and Development
- references: https://learn.microsoft.com/en-us/microsoft-365/security/defender/defender-for-identity?view=o365-worldwide
** AI generated content. This information must be reviewed before use.
Last updated 2 weeks ago