You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/whats-new.md
+6-3Lines changed: 6 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,6 +23,9 @@ For more information, see also:
23
23
24
24
For updates about versions and features released six months ago or earlier, see the [What's new archive for Microsoft Defender for Identity](whats-new-archive.md).
25
25
26
+
## August 2025
27
+
28
+
**Suspected Brute Force attack (Kerberos, NTLM):** Improved detection logic now includes scenarios where accounts were locked during the attacks. As a result, the number of triggered alerts may increase.
[Security Assessment: Unmonitored Microsoft Entra Connect servers](unmonitored-entra-connect-servers.md)
48
51
49
52
50
53
@@ -62,7 +65,7 @@ Scoping by Active Directory domains helps:
62
65
63
66
- Support operational boundaries: Align access for SOC analysts, identity administrators, and regional teams.
64
67
65
-
For more information see: [Configure scoped access for Microsoft Defender for Identity](configure-scoped-access.md).
68
+
For more information, see: [Configure scoped access for Microsoft Defender for Identity](configure-scoped-access.md).
66
69
67
70
68
71
### Okta integration is now available in Microsoft Defender for Identity
@@ -103,7 +106,7 @@ Defender for Identity now supports deploying its new sensor on Domain Controller
103
106
The Activation Page now displays all servers from your device inventory, including those not currently eligible for the new Defender for Identity sensor. This enhancement increases transparency into sensor eligibility, helping you identify noneligible servers and take action to update and onboard them for enhanced identity protection.
104
107
105
108
106
-
### Local administrators collection (using SAM-R queries) feature will be disabled
109
+
### Local administrators collection (using SAM-R queries) feature is disabled
107
110
The remote collection of local administrators group members from endpoints using SAM-R queries in Microsoft Defender for Identity will be disabled by mid-May 2025. This data is currently used to build potential lateral movement path maps, which will no longer be updated after this change. An alternative method is being explored. The change occurs automatically by the specified date, and no administrative action is required.
0 commit comments