Skip to content

Commit 145070e

Browse files
guywi-msguywi-ms
committed
Update investigate-users.md
1 parent 35a59be commit 145070e

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

defender-xdr/investigate-users.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -60,14 +60,16 @@ The user page shows the Microsoft Entra organization as well as groups, helping
6060
The **Entity details** panel on the left side of the page provides information about the user, such as the Microsoft Entra identity risk level, the insider risk severity level (Preview), the number of devices the user is signed in to, when the user was first and last seen, the user's accounts, groups that the user belongs to, and contact information. This card includes all incidents and alerts associated with the user entity, grouped by severity.
6161

6262
> [!NOTE]
63-
> **Investigation Priority Score** has been deprecated on December 3, 2024. As a result, both the Investigation Priority Score breakdown and the Scored activities cards have been removed from the UI.
63+
> **Investigation Priority Score** was deprecated on December 3, 2024. As a result, both the Investigation Priority Score breakdown and the Scored activities cards have been removed from the UI.
6464
6565
You see other details depending on the services and features you enabled, including:
6666

6767
- (Preview) Microsoft Defender XDR users with access to [Microsoft Purview Insider Risk Management](/purview/insider-risk-management-solution-overview) can now see a user's insider risk severity and gain insights on a user's suspicious activities in the user page. Select the **insider risk severity** under Entity details to see the risk insights about the user.
68-
- (Preview) If you enable [Microsoft Sentinel UEBA (User and Entity Behavior Analytics)](/azure/sentinel/identify-threats-with-entity-behavior-analytics), you'll see:
68+
- (Preview) If you enable [Microsoft Sentinel User and Entity Behavior Analytics (UEBA)](/azure/sentinel/identify-threats-with-entity-behavior-analytics), you'll see:
6969
- The user's top three UEBA anomalies from the last 30 days.
7070
- Links to launch pre-built advanced hunting queries and view all anomalous behaviors related to the user on the [Sentinel events tab](#microsoft-sentinel-events).
71+
This is available only for customers who have UEBA enabled.
72+
7173

7274
### Active directory account controls
7375

0 commit comments

Comments
 (0)