http://sentinelchangelog.net/tags/microsoft-defender-xdr/Recent content in Microsoft Defender XDR on sentinelchangelog.netHugo -- 0.157.0enThu, 21 May 2026 04:14:42 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14257/Thu, 21 May 2026 04:14:42 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14257/New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios.http://sentinelchangelog.net/posts/2026-05-15-pr-14195/Fri, 15 May 2026 08:53:22 +0000http://sentinelchangelog.net/posts/2026-05-15-pr-14195/New PowerShell assessment tool identifies migration blockers for Sentinel-to-Defender portal transitions.http://sentinelchangelog.net/posts/2026-05-04-pr-14117/Mon, 04 May 2026 12:53:39 +0000http://sentinelchangelog.net/posts/2026-05-04-pr-14117/Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern.http://sentinelchangelog.net/posts/2026-04-16-pr-14071/Thu, 16 Apr 2026 05:05:00 +0000http://sentinelchangelog.net/posts/2026-04-16-pr-14071/New SAP playbook enables automated user blocking via Teams adaptive cards with enhanced support for complex multi-alert incidents from Microsoft Defender XDR.http://sentinelchangelog.net/posts/2026-04-02-pr-13970/Thu, 02 Apr 2026 16:47:47 +0000http://sentinelchangelog.net/posts/2026-04-02-pr-13970/Critical data fidelity fix restores missing AlertOriginalStatus field in Microsoft Defender XDR ASIM AlertEvent parser, resolving alert status visibility gap.http://sentinelchangelog.net/posts/2026-02-17-pr-13596/Tue, 17 Feb 2026 06:43:02 +0000http://sentinelchangelog.net/posts/2026-02-17-pr-13596/Microsoft Defender XDR solution v3.0.14 adds hunting query targeting Punycode character abuse in lookalike domain attacks.http://sentinelchangelog.net/posts/2026-02-05-pr-13418/Thu, 05 Feb 2026 01:04:06 +0000http://sentinelchangelog.net/posts/2026-02-05-pr-13418/Microsoft Defender XDR AlertEvent parsers updated with optimized KQL logic, corrected field mappings, and enhanced IP address collection.http://sentinelchangelog.net/posts/2026-02-03-pr-13535/Tue, 03 Feb 2026 09:48:09 +0000http://sentinelchangelog.net/posts/2026-02-03-pr-13535/Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams.http://sentinelchangelog.net/posts/2026-01-22-pr-13485/Thu, 22 Jan 2026 11:09:59 +0000http://sentinelchangelog.net/posts/2026-01-22-pr-13485/Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions.http://sentinelchangelog.net/posts/2026-01-22-pr-13205/Thu, 22 Jan 2026 06:09:17 +0000http://sentinelchangelog.net/posts/2026-01-22-pr-13205/Corrected malformed version numbers in Microsoft Teams threat hunting queries from invalid “l.0.0” to proper “1.0.0” format.http://sentinelchangelog.net/posts/2026-01-21-pr-13480/Wed, 21 Jan 2026 13:39:25 +0000http://sentinelchangelog.net/posts/2026-01-21-pr-13480/Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions.http://sentinelchangelog.net/posts/2025-12-04-pr-13209/Thu, 04 Dec 2025 10:45:58 +0000http://sentinelchangelog.net/posts/2025-12-04-pr-13209/ZeroFox CCF connector receives missing KQL query fixes alongside packaging updates across 8+ solutions.http://sentinelchangelog.net/posts/2025-12-02-pr-13215/Tue, 02 Dec 2025 05:53:01 +0000http://sentinelchangelog.net/posts/2025-12-02-pr-13215/Updated Microsoft Defender for Office 365 workbook to version 3 with new visuals and improved insights based on user feedback.http://sentinelchangelog.net/posts/2025-11-21-pr-13167/Fri, 21 Nov 2025 05:16:08 +0000http://sentinelchangelog.net/posts/2025-11-21-pr-13167/Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis.http://sentinelchangelog.net/posts/2025-11-20-pr-13158/Thu, 20 Nov 2025 08:54:08 +0000http://sentinelchangelog.net/posts/2025-11-20-pr-13158/Open Systems connector updated aiohttp dependency addressing potential security vulnerabilities, bundled with extensive solution packaging updates.http://sentinelchangelog.net/posts/2025-11-19-pr-13156/Wed, 19 Nov 2025 08:50:58 +0000http://sentinelchangelog.net/posts/2025-11-19-pr-13156/New hunting queries added to detect malicious URL clicks, ZAP events, and user submissions in Microsoft Teams.http://sentinelchangelog.net/posts/2025-11-10-pr-13063/Mon, 10 Nov 2025 06:23:07 +0000http://sentinelchangelog.net/posts/2025-11-10-pr-13063/New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions.http://sentinelchangelog.net/posts/2025-11-05-pr-13061/Wed, 05 Nov 2025 13:11:45 +0000http://sentinelchangelog.net/posts/2025-11-05-pr-13061/Critical security update for CyberArk Audit requests library addressing credential leak vulnerability, plus comprehensive updates across 8 solutions.