MC889532 – (Updated) Retirement: Investigation priority score feature (archived)

cloudscout.one Icon

check before: 2024-11-01

Product:

Defender, Defender for Cloud Apps, Entra

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Retirement, Updated message

Links:

Details:

Summary:
The 'Investigation priority score' feature in Microsoft Defender is retiring, with the process starting in early November 2024 and ending late November 2024. Affected users should prepare by transitioning to the 'Entra risk score' feature, with resources provided for guidance.

Details:
Updated September 17, 2024: We have updated the rollout timeline below. Thank you for your patience.
We are retiring the Investigation priority score feature from Microsoft Defender.
[When this will happen:]
Retirment will begin early November 2024 (previously mid-September 2024) and we expect to complete by late November 2024 (previously late October).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-09-14

updated:
2024-09-19

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft will retire the 'Investigation priority score' feature in Microsoft Defender by late November 2024, requiring SOC administrators and analysts to transition to the 'Entra risk score' feature for managing security alerts.

Direct effects for Operations**

Loss of Investigation Priority Score Feature
SOC administrators and analysts will lose access to the Investigation priority score feature, impacting their ability to prioritize security alerts effectively.
   - roles: SOC Administrator, SOC Analyst
   - references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk

Transition to Entra Risk Score
Without proper preparation, users may struggle to transition to the Entra risk score feature, leading to potential security oversight during the transition period.
   - roles: SOC Administrator, SOC Analyst
   - references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk

Increased Security Risk
The retirement of the Investigation priority score may lead to increased security risks if users are unprepared and unable to adapt to the new system promptly.
   - roles: SOC Administrator, Security Manager
   - references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk

User Experience Disruption
Users may experience disruptions in their workflow due to the sudden removal of a familiar feature, leading to frustration and decreased productivity.
   - roles: SOC Analyst, IT Support
   - references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk

Training and Adaptation Needs
The need for training on the new Entra risk score feature may arise, which could lead to temporary inefficiencies if not addressed beforehand.
   - roles: SOC Administrator, Training Coordinator
   - references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



change history

DatePropertyoldnew
2024-09-19MC MessagesWe are retiring the Investigation priority score feature from Microsoft Defender.
[When this will happen:]
Retirment will begin mid-September 2024 and we expect to complete by late October 2024.
Updated September 17, 2024: We have updated the rollout timeline below. Thank you for your patience.
We are retiring the Investigation priority score feature from Microsoft Defender.
[When this will happen:]
Retirment will begin early November 2024 (previously mid-September 2024) and we expect to complete by late November 2024 (previously late October).
2024-09-19MC TitleRetirement: Investigation priority score feature(Updated) Retirement: Investigation priority score feature
2024-09-19MC Last Updated09/14/2024 00:37:172024-09-19T02:34:37Z
2024-09-19MC MessageTagNamesAdmin impact, RetirementUpdated message, Admin impact, Retirement
2024-09-19MC SummaryThe 'Investigation priority score' feature in Microsoft Defender is retiring from mid-September to late October 2024. SOC administrators and analysts will need to use 'Entra risk score' instead and are advised to consult provided Microsoft Entra ID Protection resources for preparation.The 'Investigation priority score' feature in Microsoft Defender is retiring, with the process starting in early November 2024 and ending late November 2024. Affected users should prepare by transitioning to the 'Entra risk score' feature, with resources provided for guidance.

Last updated 2 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!