Skip to content

Commit 091ecf0

Browse files
yelevinyelevin
committed
Shirley's edits
1 parent 878bbcd commit 091ecf0

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

articles/sentinel/whats-new.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -34,17 +34,17 @@ If you're looking for items older than six months, you'll find them in the [Arch
3434

3535
### Heads up: Account enrichment fields removed from Azure AD Identity Protection connector
3636

37-
As of **September 30 2022**, alerts coming from the Azure Activity Directory Information Protection connector will no longer contain the following fields:
37+
As of **September 30 2022**, alerts coming from the Azure Activity Directory Information Protection connector no longer contain the following fields:
3838

3939
- CompromisedEntity
4040
- ExtendedProperties["User Account"]
4141
- ExtendedProperties["User Name”]
4242

43-
The corresponding ID field remains part of the table, and any built-in queries and other operations will execute the appropriate name lookups in other ways (using the IdentityInfo table), so you shouldn’t be affected by this change in nearly all circumstances.
43+
We are working to adapt Microsoft Sentinel's built-in queries and other operations affected by this change to look up these values in other ways (using the *IdentityInfo* table).
4444

45-
If you've built any custom queries or rules directly referencing these fields, you'll need another way to get this information. Use the following two-step process to look up these values in the *IdentityInfo* table:
45+
In the meantime, or if you've built any custom queries or rules directly referencing these fields, you'll need another way to get this information. Use the following two-step process to look up these values in the *IdentityInfo* table:
4646

47-
1. Enable the UEBA solution to sync the *IdentityInfo* table with your Azure AD logs. Follow the instructions in [this document](enable-entity-behavior-analytics.md).
47+
1. If you haven't already, **enable the UEBA solution** to sync the *IdentityInfo* table with your Azure AD logs. Follow the instructions in [this document](enable-entity-behavior-analytics.md).
4848
(If you don't intend to use UEBA in general, you can ignore the last instruction about selecting data sources on which to enable entity behavior analytics.)
4949
1. Incorporate the query below in your existing custom queries or rules to look up this data by joining the *SecurityAlert* table with the *IdentityInfo* table.
5050

0 commit comments

Comments
 (0)