check before: 2024-11-01
Product:
Defender, Defender for Cloud Apps, Entra
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Retirement, Updated message
Links:
Details:
Summary:
The 'Investigation priority score' feature in Microsoft Defender is retiring, with the process starting in early November 2024 and ending late November 2024. Affected users should prepare by transitioning to the 'Entra risk score' feature, with resources provided for guidance.
Details:
Updated September 17, 2024: We have updated the rollout timeline below. Thank you for your patience.
We are retiring the Investigation priority score feature from Microsoft Defender.
[When this will happen:]
Retirment will begin early November 2024 (previously mid-September 2024) and we expect to complete by late November 2024 (previously late October).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-09-14
updated:
2024-09-19
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft will retire the 'Investigation priority score' feature in Microsoft Defender by late November 2024, requiring SOC administrators and analysts to transition to the 'Entra risk score' feature for managing security alerts.
Direct effects for Operations**
Loss of Investigation Priority Score Feature
SOC administrators and analysts will lose access to the Investigation priority score feature, impacting their ability to prioritize security alerts effectively.
- roles: SOC Administrator, SOC Analyst
- references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk
Transition to Entra Risk Score
Without proper preparation, users may struggle to transition to the Entra risk score feature, leading to potential security oversight during the transition period.
- roles: SOC Administrator, SOC Analyst
- references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk
Increased Security Risk
The retirement of the Investigation priority score may lead to increased security risks if users are unprepared and unable to adapt to the new system promptly.
- roles: SOC Administrator, Security Manager
- references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk
User Experience Disruption
Users may experience disruptions in their workflow due to the sudden removal of a familiar feature, leading to frustration and decreased productivity.
- roles: SOC Analyst, IT Support
- references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk
Training and Adaptation Needs
The need for training on the new Entra risk score feature may arise, which could lead to temporary inefficiencies if not addressed beforehand.
- roles: SOC Administrator, Training Coordinator
- references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-policies, https://learn.microsoft.com/entra/id-protection/howto-identity-protection-investigate-risk
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
Date | Property | old | new |
2024-09-19 | MC Messages | We are retiring the Investigation priority score feature from Microsoft Defender.
[When this will happen:] Retirment will begin mid-September 2024 and we expect to complete by late October 2024. | Updated September 17, 2024: We have updated the rollout timeline below. Thank you for your patience.
We are retiring the Investigation priority score feature from Microsoft Defender. [When this will happen:] Retirment will begin early November 2024 (previously mid-September 2024) and we expect to complete by late November 2024 (previously late October). |
2024-09-19 | MC Title | Retirement: Investigation priority score feature | (Updated) Retirement: Investigation priority score feature |
2024-09-19 | MC Last Updated | 09/14/2024 00:37:17 | 2024-09-19T02:34:37Z |
2024-09-19 | MC MessageTagNames | Admin impact, Retirement | Updated message, Admin impact, Retirement |
2024-09-19 | MC Summary | The 'Investigation priority score' feature in Microsoft Defender is retiring from mid-September to late October 2024. SOC administrators and analysts will need to use 'Entra risk score' instead and are advised to consult provided Microsoft Entra ID Protection resources for preparation. | The 'Investigation priority score' feature in Microsoft Defender is retiring, with the process starting in early November 2024 and ending late November 2024. Affected users should prepare by transitioning to the 'Entra risk score' feature, with resources provided for guidance. |
Last updated 2 weeks ago