Commit e582904

Merge branch 'main' into pr/2981
2 parents 92d1717 + 121eff9 commit e582904

22 files changed, +226 -55 lines changed

ATPDocs/whats-new.md

Lines changed: 12 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -22,11 +22,14 @@ For more information, see also:
2222

2323
For updates about versions and features released six months ago or earlier, see the [What's new archive for Microsoft Defender for Identity](whats-new-archive.md).
2424

25-
## February 2025
25+
## March 2025
2626

27-
### New Identity guide tour
27+
### New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting
28+
New LDAP query events will be added by March 6th to the `IdentityQueryEvents` table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.
29+
This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.
30+
We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.
2831

29-
Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
32+
## February 2025
3033

3134
### DefenderForIdentity PowerShell module updates (version 1.0.0.3)
3235
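
Review bot: The new text on added lines 28-30 asks readers to review their custom detections but never names the new LDAP events (no `ActionType` values, no sample query), so there is nothing concrete to scope a detection against. Suggest listing the new event types or linking to the Advanced Hunting schema reference. Two smaller points: line 28 puts `IdentityQueryEvents` in code formatting while line 29 leaves it as plain text, and "will be added by March 6th" on line 28 has no year and will read as stale once the date has passed.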

@@ -71,6 +74,12 @@ We have added and updated the following events in the `IdentityDirectoryEvents`
7174

7275
Additionally, the **built-in schema reference** for Advanced Hunting in Microsoft Defender XDR has been updated to include detailed information on all supported event types (**`ActionType`** values) in identity-related tables, ensuring complete visibility into available events. For more information, see [Advanced hunting schema details](/defender-xdr/advanced-hunting-schema-tables).
7376

77+
## January 2025
78+
79+
### New Identity guide tour
80+
81+
Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
82+
7483
## December 2024
7584

7685
### New security posture assessment: Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)
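
Review bot: The release month of the "New Identity guide tour" entry changes from February 2025 to January 2025 (added lines 77-81 here, removed at old lines 27-29 in the first hunk) with no explanation, and this is a merge commit, so please confirm January is the intended date and not a merge-resolution artifact. The entry on line 81 also says "M365 portal" without spelling the name out or linking to it.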

defender-endpoint/api/management-apis.md

Lines changed: 5 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -33,7 +33,7 @@ Defender for Endpoint supports a wide variety of deployment, configuration, and
3333

3434
## Endpoint onboarding and portal access
3535

36-
Device onboarding is fully integrated into Microsoft Intune and Microsoft Configuration Manager for client devices. For servers, you can choose from several options, such as Defender for Endpoint Server, Defender for Servers (as part of the Defender for Cloud offering), or Defender for Business servers (for small and medium-sized businesses).
36+
Device onboarding is fully integrated into Microsoft Intune and Microsoft Configuration Manager for client devices. You can onboard both client and server devices using the Microsoft Defender portal. Or, for servers, you can use Defender for Cloud, which integrates with Defender for Endpoint and Defender for Business. (Server licenses are required; for more information, see [Onboard servers to Defender for Endpoint](/defender-endpoint/onboard-server) and [Onboard devices to Defender for Business](/defender-business/mdb-onboard-devices).)
3737

3838
The Microsoft Defender portal provides your security team with a robust, end-to-end experience for configuration, deployment, and monitoring. In addition, Microsoft Defender for Endpoint supports Group Policy and other non-Microosft tools used for managing devices.
3939
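
Review bot: The licensing requirement on added line 36 is buried in a trailing parenthetical ("Server licenses are required; ..."), where it is easy to miss; suggest making it its own sentence or note directly after the server onboarding options. "Or, for servers," on the same line reads as a fragment and could be joined to the previous sentence. While this paragraph is being edited, context line 38 still carries the typo "non-Microosft".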

@@ -47,7 +47,7 @@ Defender for Endpoint provides fine-grained control over what users with access
4747

4848
Defender for Endpoint is built on top of an integration-ready platform.
4949

50-
Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs enable you to automate workflows and innovate based on Defender for Endpoint capabilities. You can also the Defender for Endpoint APIs with Defender for Business, for the capabilities that are supported in Defender for Business.
50+
Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs enable you to automate workflows and innovate based on Defender for Endpoint capabilities. You can also use the Defender for Endpoint APIs with Defender for Business for the capabilities that are supported in Defender for Business.
5151

5252
:::image type="content" source="../media/mdatp-apis.png" alt-text="The available API and integration in Microsoft Defender for Endpoint" lightbox="../media/mdatp-apis.png":::
5353

@@ -73,7 +73,7 @@ The **Response API** exposes the ability to take actions in the service and on d
7373

7474
Defender for Endpoint raw data streaming API provides the ability for customers to ship real-time events and alerts from their instances as they occur within a single data stream, providing a low latency, high throughput delivery mechanism.
7575

76-
The Defender for Endpoint event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or additional data processing engines.
76+
The Defender for Endpoint event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or other data processing engines.
7777

7878
For more information, see [Raw data streaming API](raw-data-export.md).
7979

@@ -82,9 +82,9 @@ For more information, see [Microsoft Defender XDR Streaming API](/defender-xdr/s
8282

8383
## SIEM API
8484

85-
When you enable security information and event management (SIEM) integration, it allows you to pull detections from Microsoft Defender XDR using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Microsoft Entra tenant.
85+
When you enable security information and event management (SIEM) integration, you can pull detections from Microsoft Defender XDR using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Microsoft Entra tenant.
8686

87-
## Related topics
87+
## Related articles
8888

8989
- [Access the Microsoft Defender for Endpoint APIs](apis-intro.md)
9090
- [Supported APIs](exposed-apis-list.md)
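
Review bot: On added line 85, "This activates the SIEM connector access details section ..." no longer has a clear antecedent now that the first sentence is phrased as "you can pull detections"; suggest "Enabling the integration activates ...". The same sentence says an application is created under the Microsoft Entra tenant without saying what it is called or where an administrator can review it, which deserves a link or a short follow-up sentence.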
