Improving the pipeline of Identity-related tables in Microsoft 365 Defender Advanced hunting

Originally posted by Microsoft Aug 24, 2023 Uncategorized 0 Comments

We’re improving the pipeline of Identity-related tables in Microsoft 365 Defender Advanced hunting. This change is designed to improve the latencies for identity-related data, bringing the delay times to a minimum.

When this will happen:

We will roll this change out on August 27, 2023.

How this will affect your organization:

As part of the change, the way we generate the ReportId column for the following Identity tables has also changed: 

  • IdentityLogonEvents 
  • IdentityQueryEvents 
  • IdentityDirectoryEvents 

After August 27th, 2023, Defender for Identity events that were previously streamed from Advanced hunting will show a mismatch in the ReportId value. There should be no other noticeable changes. 

What you need to do to prepare:

There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.

Message ID: MC670027

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: