Merge pull request #4747 from DeCohen/WI480943-near-real-time-updates-entra-id-risk-level

near real time updates for Entra ID Risk Level

Author: aditisrivastava07

ATPDocs/whats-new.md

@@ -25,6 +25,14 @@ For updates about versions and features released six months ago or earlier, see
 
 ## August 2025
 
+### Microsoft Entra ID risk level is now available in near real time in Microsoft Defender for Identity (Preview)
+
+Entra ID risk level is now available on the Identity Inventory assets page, the identity details page, and in the IdentityInfo table in Advanced Hunting, and includes the Entra ID risk score. SOC analysts can use this data to correlate risky users with sensitive or highly privileged users, create custom detections based on current or historical user risk, and improve investigation context.
+
+Previously, Defender for Identity tenants received Entra ID risk level in the IdentityInfo table through user and entity behavior analytics (UEBA). With this update, the Entra ID risk level is now updated in near real time through Microsoft Defender for Identity.
+
+For UEBA tenants without a Microsoft Defender for Identity license, synchronization of Entra ID risk level to the IdentityInfo table remains unchanged.
+
 
 ### New security assessment: Remove inactive service accounts (Preview)
 

defender-xdr/advanced-hunting-identityinfo-table.md

@@ -102,10 +102,9 @@ If you're using the Microsoft Defender portal but haven't onboarded a Microsoft
 - `DeletedDateTime`
 - `EmployeeId`
 - `OtherMailAddresses`
-- `RiskLevel`
-- `RiskLevelDetails`
-- `State`
 - `Tags`
+- `State`
+
 
 For more information about UEBA, read [Advanced threat detection with User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel](/azure/sentinel/identify-threats-with-entity-behavior-analytics). For more information about the different data sources in UEBA, read [Microsoft Sentinel UEBA reference](/azure/sentinel/ueba-reference).