You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/whats-new.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,26 +27,27 @@ If you're looking for items older than six months, you'll find them in the [Arch
27
27
28
28
## October 2022
29
29
30
-
-[Heads up: Account enrichment fields removed from Azure AD Identity Protection connector](#heads-up-account-enrichment-fields-removed-from-azure-ad-identity-protection-connector)
30
+
-[Account enrichment fields removed from Azure AD Identity Protection connector](#account-enrichment-fields-removed-from-azure-ad-identity-protection-connector)
31
31
-[Microsoft 365 Defender now integrates Azure Active Directory Identity Protection (AADIP)](#microsoft-365-defender-now-integrates-azure-active-directory-identity-protection-aadip)
32
32
-[Out of the box anomaly detection on the SAP audit log (Preview)](#out-of-the-box-anomaly-detection-on-the-sap-audit-log-preview)
### Heads up: Account enrichment fields removed from Azure AD Identity Protection connector
35
+
### Account enrichment fields removed from Azure AD Identity Protection connector
36
36
37
-
As of **September 30 2022**, alerts coming from the Azure Activity Directory Information Protection connector no longer contain the following fields:
37
+
As of **September 30, 2022**, alerts coming from the **Azure Activity Directory Information Protection connector** no longer contain the following fields:
38
38
39
39
- CompromisedEntity
40
40
- ExtendedProperties["User Account"]
41
41
- ExtendedProperties["User Name”]
42
42
43
43
We are working to adapt Microsoft Sentinel's built-in queries and other operations affected by this change to look up these values in other ways (using the *IdentityInfo* table).
44
44
45
-
In the meantime, or if you've built any custom queries or rules directly referencing these fields, you'll need another way to get this information. Use the following two-step process to look up these values in the *IdentityInfo* table:
45
+
In the meantime, or if you've built any custom queries or rules directly referencing these fields, you'll need another way to get this information. Use the following two-step process to have your queries look up these values in the *IdentityInfo* table:
46
46
47
47
1. If you haven't already, **enable the UEBA solution** to sync the *IdentityInfo* table with your Azure AD logs. Follow the instructions in [this document](enable-entity-behavior-analytics.md).
48
48
(If you don't intend to use UEBA in general, you can ignore the last instruction about selecting data sources on which to enable entity behavior analytics.)
49
-
1. Incorporate the query below in your existing custom queries or rules to look up this data by joining the *SecurityAlert* table with the *IdentityInfo* table.
49
+
50
+
1. Incorporate the query below in your existing queries or rules to look up this data by joining the *SecurityAlert* table with the *IdentityInfo* table.
0 commit comments