You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-for-identity/whats-new.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,7 +43,8 @@ For more information, see: [Link or Unlink an Account to an Identity (Preview)](
43
43
44
44
You can now perform remediation actions such as disabling accounts or resetting passwords on one or more accounts linked to an identity. For more information, see: [Remediation actions](remediation-actions.md#roles-and-permissions).
45
45
Defender for Identity now offers an opt-in automatic event-auditing configuration for unified sensors (V3.x). This feature streamlines deployment by automatically applying required Windows auditing settings to new sensors and fixing misconfigurations on existing ones. Admins can enable the option in the Defender for Identity Settings -> Advanced Features or via Graph API. The capability and its related health alerts will roll out globally beginning mid-November 2025.
46
-
**Releated Health alerts:**
46
+
47
+
**Related Health alerts:**
47
48
- NTLM Auditing is not enabled
48
49
- Directory Services Advanced Auditing is not enabled as required
49
50
- Directory Services Object Auditing is not enabled as required
@@ -60,7 +61,7 @@ The new security posture assessment lists users whose valid credentials have bee
60
61
|---------|---------|
61
62
|2.250|The improved event log query method captures a broader range of unique events at scale. As a result, you might notice an increase in captured activities. This update also includes security and performance improvements.|
62
63
63
-
### Expansion of identity scoping: upport for Organizational units (Preview)
64
+
### Expansion of identity scoping: Support for Organizational units (Preview)
64
65
65
66
In addition to the GA release of scoping by Active Directory domains a few months ago, you can now scope by **Organizational Units (OUs)** as part of XDR User Role-Based Access Control (URBAC). This enhancement provides even more granular control over which entities and resources are included in security analysis.
66
67
For more information, see [Configure scoped access for Microsoft Defender for Identity](configure-scoped-access.md).
@@ -84,7 +85,7 @@ As part of the ongoing transition to a unified alerting experience across Micros
84
85
85
86
| Classic Alert Title | External ID| XDR Alert Name |Detector ID|
|Active Directory attributes Reconnnaissance using LDAP|2210|[Active Directory attributes Reconnnaissance using LDAP](alerts-xdr.md#active-directory-attributes-reconnaissance-ldap)|xdr_LdapSensitiveAttributeRecon|
88
+
|Active Directory attributes Reconnaissance using LDAP|2210|[Active Directory attributes Reconnaissance using LDAP](alerts-xdr.md#active-directory-attributes-reconnaissance-ldap)|xdr_LdapSensitiveAttributeRecon|
88
89
|User and IP address reconnaissance|2012|[User and IP address reconnaissance (SMB)](alerts-xdr.md#user-and-ip-address-reconnaissance-smb)|xdr_SmbSessionEnumeration|
89
90
|Account enumeration reconnaissance|2003|[Account enumeration reconnaissance in AD FS](alerts-xdr.md#account-enumeration-reconnaissance-in-ad-fs)|xdr_AccountEnumerationHintSecurityAlertAdfs|
90
91
|||[Account enumeration reconnaissance in Kerberos](alerts-xdr.md#account-enumeration-reconnaissance-in-kerberos)|xdr_AccountEnumerationHintSecurityAlertKerberos|
0 commit comments