Unified sensor (v3.x) – new Remote Procedure Call (RPC) configuration health alert for Microsoft Defender for Identity

Originally posted by Microsoft Nov 18, 2025 Uncategorized 0 Comments

Microsoft Defender for Identity introduces a new RPC Configuration Health Alert for v3.x sensors, rolling out December 2025. It monitors RPC settings, improves detection accuracy, and enables the Unified Sensor RPC Audit tag for enhanced security visibility and auditing via Device Inventory and Advanced Hunting.

Introduction

Remote Procedure Call (RPC) Configuration Health Alert for sensors v3.x

When this will happen:

General availability (Production, GCC, GCCH):

How this affects your organization:

  • Who is affected: Admins managing Microsoft Defender for Identity v3.x sensors.
  • What will happen:
    • A new health alert will monitor RPC configuration status on v3.x sensors.
    • Applying the Unified Sensor RPC Audit tag will enforce configuration on existing and future v3.x sensors that match rule criteria.
    • The tag will be visible in Device Inventory and Advanced Hunting, providing transparency and auditing capabilities.
    • This feature improves detection accuracy and overall security coverage.

What you can do to prepare:

RPC Audit tag

  1. In the Microsoft Defender portal, navigate to: System > Settings > Microsoft Defender XDR > Asset Rule Management.
  2. Select Create a new rule.
  3. Enter a Rule name and Description, then set conditions using Device name, Domain, or Device tag. Ensure the Defender for Identity v3.x sensor is deployed on targeted devices.
  4. Add the tag Unified Sensor RPC Audit.
  5. Review and submit the rule.

Microsoft Defender for Identity documentation

Compliance considerations:

Message ID: MC1187390

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: