Microsoft Defender XDR services: New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting

New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting in March 2025, potentially increasing activity and alerts. Review and adjust custom detections as needed. More information is available [here](https://learn.microsoft.com/defender-xdr/custom-detection-rules).

New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in early March 2025 and expect to complete by mid-March 2025.

How this will affect your organization:

This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.

This update is available by default. 

What you need to do to prepare:

We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.
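One way to size the change before tuning a rule is to compare LDAP query volume in IdentityQueryEvents on either side of the rollout. The query below is an added example, not part of the Microsoft announcement; the `RolloutStart` date and the `"LDAP query"` ActionType filter are assumptions to confirm against your own tenant.

```kusto
// Added example, not from the announcement.
// RolloutStart is a constructed placeholder: set it to the date the new
// LDAP events first show up in your tenant.
let RolloutStart = datetime(2025-03-01);
let Window = 7d;
IdentityQueryEvents
| where Timestamp between ((RolloutStart - Window) .. (RolloutStart + Window))
// Assumed filter value; run `IdentityQueryEvents | distinct ActionType` to confirm.
| where ActionType == "LDAP query"
| summarize
    Before = countif(Timestamp < RolloutStart),
    After = countif(Timestamp >= RolloutStart),
    DistinctQueries = dcount(Query)
    by QueryType, DeviceName
| extend Change = After - Before
// Largest increases first: these are the sources most likely to push an
// existing custom detection over its alert threshold.
| order by Change desc
| take 50
```

Rows where `Before` is 0 and `After` is large point to query types or devices that were not visible before the update and that an existing rule may now match.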

More information: Create and manage custom detection rules in Microsoft Defender XDR

Message ID: MC1019307

