MC1190195 – Upcoming Changes to Entra Identity Protection Alert Settings in Defender XDR

check before: 2025-12-11

Product:

Defender, Defender XDR, Entra

Platform:

Online, World tenant

Status:

Change type:

Feature update, User impact, Admin impact

Links:

Details:

Summary:
Starting December 11, 2025, Microsoft Defender XDR will offer enhanced alert configuration for Entra ID Protection, allowing admins to filter alerts by risk level (High only, High + Medium, or All). The default will change to High risk only, reducing alert volume and improving clarity.

Details:
[Introduction]
To improve alert clarity and reduce fatigue, Microsoft Defender XDR is introducing enhanced configuration options for identity-related alerts from Entra ID Protection. These updates are based on customer feedback requesting more granular control over risk-based alerting.
[When this will happen]
This change will begin rolling out as a public preview starting December 11, 2025.

Release Phase:

Created:
2025-11-27

updated:
2025-11-27

Direct effects for Operations**

Alert Volume Reduction
Because the default alert setting changes to High risk only, critical alerts may be missed if the setting is not properly configured, which impacts incident response times.
   - roles: Security Admin, Incident Response Team
   - references: https://learn.microsoft.com/defender-xdr/investigate-alerts?tabs=settings#configure-microsoft-entra-ip-alert-service

User Experience with Alert Management
The new configuration may confuse admins who are not prepared for the change, potentially leading to mismanaged alerts and increased workload.
   - roles: Security Admin, IT Support
   - references: https://learn.microsoft.com/defender-xdr/investigate-alerts?tabs=settings#configure-microsoft-entra-ip-alert-service

** AI generated content. This information must be reviewed before use.
