What Changed

The Premium Microsoft Defender Threat Intelligence (PMDTI) Data Connector has been removed from the Threat Intelligence (NEW) solution package effective with version 3.0.19. This removal is part of Microsoft’s MDTI convergence effort to consolidate threat intelligence ingestion mechanisms.

Security Impact (Visibility & Fidelity)

Organizations currently using the PMDTI connector within this solution package will lose the ability to deploy or redeploy this specific connector path after upgrading to v3.0.19. The connector ingested IOCs from Premium MDTI into both the ThreatIntelIndicators and ThreatIntelObjects tables, providing threat intelligence coverage for IP addresses, domains, URLs, and file hashes.

Per PR discussion: This deprecation is preparation for a larger convergence effort that will consolidate ingestion between this connector and another mechanism. Microsoft confirms this removal will not immediately affect customers currently using the connector, because the connector uses the legacy Static UI implementation.

Migration Considerations

  • Existing Deployments: Current PMDTI connector instances remain functional, but the connector will not be available for new deployments through this solution package
  • Feature Flag: The connector was controlled by the premiummdticonnector feature flag with specific cloud enablement states
  • Alternative Paths: Organizations should monitor Microsoft communications regarding the replacement ingestion mechanism as part of the MDTI convergence initiative

Affected Files

Solutions/Threat Intelligence (NEW)/Data Connectors/template_PremiumMicrosoftDefenderThreatIntelligence.json
(packaging artefacts: 3.0.19.zip, ReleaseNotes.md, Solution_ThreatIntelligenceUpdated.json, createUiDefinition.json, mainTemplate.json)