Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events

Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision. Read More →

Microsoft Entra ID: Service Principal Credential Manipulation by Rare Actors

Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques. Read More →

Microsoft Entra ID: Hunting Query for Password Spraying Detection via IP Failure Bursts

Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns. Read More →

Microsoft Entra ID: New Hunting Query Detects Post-Compromise Token Abuse via ASN Mismatches

Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse. Read More →

Entra ID Brute Force Detection: Renamed for Broader Windows Device Coverage

Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes. Read More →

Microsoft Entra ID Conditional Access Bypass Detection: False Positive Reduction via Benign Status Code Watchlist

New watchlist filters out 7 known-benign status codes from Conditional Access bypass detection to reduce false positives from legitimate MFA prompts and session expiration events. Read More →

Microsoft Entra ID: Account Creation/Deletion Detection Enhanced Against Timing Evasion

Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques. Read More →

Microsoft Entra ID Assets: Device and Organizational Contact Visibility Expansion

Two new asset tables (EntraDevices, EntraOrgContacts) added to Microsoft Entra ID connector for BloodHound graph building and complete asset enumeration. Read More →

Documentation Fix: Broken Links Resolved in Microsoft Entra ID and Network Session Essentials

Customer-reported broken links fixed in analytic rule descriptions with corrected MITRE technique references and restored documentation. Read More →

Microsoft Entra ID: New Conditional Access Security Insights and Monitoring Workbook

New Conditional Access SISM workbook added to provide comprehensive CA policy monitoring and Zero Trust analytics. Read More →

SOX IT Compliance Solution Released: IT Change Monitoring for Financial Controls

New compliance monitoring solution provides IT systems change tracking and segregation of duties controls for Sarbanes-Oxley compliance programs. Read More →

Microsoft Entra ID Playbooks: API Permission Updates for Session Revocation

Updates Revoke-AADSignInSessions playbook documentation to use correct User.RevokeSessions.All permissions instead of broader User.ReadWrite.All. Read More →

Microsoft Entra ID Assets: Fixing Product Name Typo in Data Connector

Fixed typo in Microsoft Entra ID Assets connector title and updated description to use correct Microsoft Sentinel branding. Read More →

GDPR Compliance Dashboard: New Workbook for Privacy Risk Monitoring

New GDPR Compliance solution adds workbook consolidating privacy risk signals from Defender XDR, Microsoft Purview, Azure SQL, and Entra ID. Read More →

Microsoft Entra ID Assets Solution: New Data Risk Graph Foundation for Purview Integration

New Microsoft Entra ID Assets connector provides supplemental asset data for enhanced activity insights and data risk graph capabilities in Microsoft Purview. Read More →

Microsoft Entra ID Connector: Preview Labels Removed from GA Data Types

Entra ID connector updated to remove preview designations from data types that have reached general availability. Read More →

Microsoft Entra ID Conditional Access Rules: Incident Configuration Fix Resolves Rule Creation Failures

Microsoft Entra ID Conditional Access detection rules updated to fix lookbackDuration format preventing rule deployment in Microsoft Sentinel workspaces. Read More →