<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Microsoft on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/microsoft/</link><description>Recent content in Microsoft on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 03 Jul 2026 06:43:54 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/microsoft/index.xml" rel="self" type="application/rss+xml"/><item><title>Entra ID Brute-Force Detection: Sort Order Fix Corrects Anomaly Decomposition Input</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</link><pubDate>Fri, 03 Jul 2026 06:43:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</guid><description>The BruteForceAgainstanEntraAuthenticatedWindowsDevice Analytic Rule was building unsorted time-series arrays for series_decompose_anomalies, meaning anomaly detection results could be incorrect or inconsistent across executions &amp;ndash; this fix enforces chronological ordering and stable serialization before make_list.</description></item><item><title>Hybrid Attack Solution: Packaging Fix for Missing Workbook Content ID and Version</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14576/</link><pubDate>Mon, 29 Jun 2026 07:16:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14576/</guid><description>Corrects missing content ID and version fields in the Hybrid Attack — Cloud &amp;amp; Identity solution packaging template to resolve a validation failure preventing Content Hub deployment.</description></item><item><title>New Workbook: Hybrid Attack Kill-Chain Hunting Across Cloud and On-Prem Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</link><pubDate>Mon, 29 Jun 2026 06:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</guid><description>A new behavior-led hunting workbook registers in Microsoft Sentinel covering end-to-end hybrid identity attack scenarios across 7 MITRE ATT&amp;amp;CK phases, correlating signals from Entra ID, Azure, on-prem AD, and Defender XDR.</description></item><item><title>Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</link><pubDate>Tue, 23 Jun 2026 05:40:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</guid><description>Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added.</description></item><item><title>Microsoft Defender XDR: OAuth and Device-Code Phishing Hunting Queries Unblocked After ARM-TTK Pipeline Failure</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</link><pubDate>Thu, 18 Jun 2026 05:58:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</guid><description>Two Defender XDR hunting queries targeting OAuth consent and device-code phishing were blocked from pipeline validation due to ARM-TTK hardcoded URI false positives; KQL refactored to construct URLs via strcat(), restoring deployment and preserving detection semantics.</description></item><item><title>Premium MDTI Connector Removed from Threat Intelligence Solution During MDTI Convergence</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-14343/</link><pubDate>Mon, 15 Jun 2026 09:58:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-14343/</guid><description>Premium Microsoft Defender Threat Intelligence connector no longer available in Threat Intelligence (NEW) solution v3.0.19 as part of MDTI convergence effort.</description></item><item><title>Azure SQL Database Detection Rules: Enhanced MITRE Coverage and Alert Context</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-13876/</link><pubDate>Thu, 11 Jun 2026 13:00:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-13876/</guid><description>Quality improvements to 10 Azure SQL analytic rules add missing MITRE techniques, alert customization, and standardized query outputs.</description></item><item><title>Agent 365 Solution: Content Hub Update Detection Restored After Package ID Mismatch</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14431/</link><pubDate>Tue, 09 Jun 2026 05:53:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14431/</guid><description>Restores Agent 365 v3.1.1 Content Hub update detection by fixing solution ID mismatch that prevented upgrade notifications.</description></item><item><title>Microsoft Agent Identities Connector: New Entra Non-Human Identity Asset Visibility (Preview)</title><link>http://sentinelchangelog.net/posts/2026-06-03-pr-14326/</link><pubDate>Wed, 03 Jun 2026 06:01:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-03-pr-14326/</guid><description>Agent 365 solution adds new Microsoft Agent Identities connector for tracking agent blueprints and non-human identity assets across four data tables.</description></item><item><title>Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-13905/</link><pubDate>Fri, 29 May 2026 08:53:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-13905/</guid><description>Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details.</description></item><item><title>LockBit Hunting Query: ActiveMQ Exploit IoC Detection Added</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-14350/</link><pubDate>Fri, 29 May 2026 05:32:22 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-14350/</guid><description>New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation.</description></item><item><title>Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasion</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14339/</link><pubDate>Wed, 27 May 2026 13:42:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14339/</guid><description>Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.</description></item><item><title>Entra ID Account Takeover: Three-Query Hunting Pack for Post-Compromise Detection</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14335/</link><pubDate>Wed, 27 May 2026 13:41:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14335/</guid><description>Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.</description></item><item><title>BadUSB HID Injection Detection: New Hunt for PowerShell via Windows Run Dialog</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14336/</link><pubDate>Wed, 27 May 2026 13:38:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14336/</guid><description>Adds hunting query to detect hardware keystroke injectors spawning PowerShell through explorer.exe with evasion patterns.</description></item><item><title>Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14334/</link><pubDate>Wed, 27 May 2026 13:38:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14334/</guid><description>Corrects broken hunting query that returned no results due to incorrect property name filter.</description></item><item><title>Hunting Query: Ephemeral Code Signing Certificates for Malware-Signing-as-a-Service Detection</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14308/</link><pubDate>Wed, 27 May 2026 08:59:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14308/</guid><description>New hunting query identifies short-lived code signing certificates (≤14 days) on non-developer endpoints to detect Fox Tempest MSaaS operations.</description></item><item><title>Hunting Query: Rootkit Network Evasion Detection via Firewall-EDR Telemetry Delta</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14337/</link><pubDate>Wed, 27 May 2026 08:36:31 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14337/</guid><description>New hunting query detects kernel-level rootkits bypassing EDR network telemetry by comparing perimeter firewall logs against Microsoft Defender for Endpoint data streams.</description></item><item><title>Defender for Endpoint: Cryptographic Identity Baselining Hunting Query for Process Network Anomalies</title><link>http://sentinelchangelog.net/posts/2026-05-26-pr-14333/</link><pubDate>Tue, 26 May 2026 09:05:22 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-26-pr-14333/</guid><description>New hunting query detects first-time network connections by processes using cryptographic signer baselining to defeat DLL sideloading and BYOTA attacks.</description></item><item><title>LSASS Credential Dumping: Resilient Behavioral Detection Pack Added</title><link>http://sentinelchangelog.net/posts/2026-05-26-pr-14341/</link><pubDate>Tue, 26 May 2026 05:29:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-26-pr-14341/</guid><description>Three new hunting queries detect LSASS memory dumping using behavioral physics rather than brittle timing or tool names.</description></item><item><title>Entra ID Workload Identity and Privileged Role Hunting Pack: Three New Detection Queries</title><link>http://sentinelchangelog.net/posts/2026-05-21-pr-14281/</link><pubDate>Thu, 21 May 2026 12:50:47 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-21-pr-14281/</guid><description>New hunting pack targeting workload identity abuse and privileged role assignment anomalies with coverage gaps for service principal credential theft and PIM bypass techniques.</description></item><item><title>ETW-Resistant .NET Fileless Injection Detection via Kernel-Level CLR Loading</title><link>http://sentinelchangelog.net/posts/2026-05-21-pr-14314/</link><pubDate>Thu, 21 May 2026 12:14:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-21-pr-14314/</guid><description>New hunting query detects fileless .NET execution even when attackers patch ETW by monitoring kernel-level .NET runtime DLL loading in native processes and untrusted paths.</description></item><item><title>Microsoft Defender XDR: New Hunting Query for Delegate Mailbox Phish Reporting Analysis</title><link>http://sentinelchangelog.net/posts/2026-05-21-pr-14257/</link><pubDate>Thu, 21 May 2026 04:14:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-21-pr-14257/</guid><description>New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios.</description></item><item><title>Agent 365 Solution Rebranded from A365 Observability (v3.0.1)</title><link>http://sentinelchangelog.net/posts/2026-05-15-pr-14263/</link><pubDate>Fri, 15 May 2026 06:03:55 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-15-pr-14263/</guid><description>Microsoft renamed the A365 Observability solution to Agent 365 for marketing alignment with no functional changes.</description></item><item><title>Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events</title><link>http://sentinelchangelog.net/posts/2026-05-12-pr-14108/</link><pubDate>Tue, 12 May 2026 08:58:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-12-pr-14108/</guid><description>Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision.</description></item><item><title>Microsoft Entra ID: Service Principal Credential Manipulation by Rare Actors</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14213/</link><pubDate>Thu, 07 May 2026 10:51:04 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14213/</guid><description>Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques.</description></item><item><title>Microsoft Entra ID: Hunting Query for Password Spraying Detection via IP Failure Bursts</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14208/</link><pubDate>Thu, 07 May 2026 10:50:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14208/</guid><description>Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns.</description></item><item><title>Microsoft Entra ID: New Hunting Query Detects Post-Compromise Token Abuse via ASN Mismatches</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14207/</link><pubDate>Thu, 07 May 2026 10:50:16 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14207/</guid><description>Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse.</description></item><item><title>Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs</title><link>http://sentinelchangelog.net/posts/2026-05-06-pr-13820/</link><pubDate>Wed, 06 May 2026 09:37:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-06-pr-13820/</guid><description>Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context.</description></item><item><title>Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14117/</link><pubDate>Mon, 04 May 2026 12:53:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14117/</guid><description>Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern.</description></item><item><title>Azure DevOps Auditing: Fixing Broken Connector After Parameter Mismatch</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14090/</link><pubDate>Mon, 04 May 2026 06:56:16 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14090/</guid><description>Critical configuration fix resolves parameter name mismatch that prevented Azure DevOps audit log ingestion entirely.</description></item><item><title>Entra ID Brute Force Detection: Renamed for Broader Windows Device Coverage</title><link>http://sentinelchangelog.net/posts/2026-04-30-pr-14162/</link><pubDate>Thu, 30 Apr 2026 11:04:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-30-pr-14162/</guid><description>Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes.</description></item><item><title>ASIM Process Event Parsers: Parameter Standardization Fixes Filtering Logic Inconsistencies</title><link>http://sentinelchangelog.net/posts/2026-04-17-pr-13932/</link><pubDate>Fri, 17 Apr 2026 23:03:12 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-17-pr-13932/</guid><description>ASIM Process Event parser parameter names corrected to match documentation, fixing filtering logic discrepancies that could affect query performance and parser interoperability.</description></item><item><title>Global Secure Access: Threat Intelligence Detection Restored After URL Regex Failure</title><link>http://sentinelchangelog.net/posts/2026-04-16-pr-14052/</link><pubDate>Thu, 16 Apr 2026 12:15:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-16-pr-14052/</guid><description>Fixed broken URL threat intelligence detection and expanded workbook coverage for new Entra traffic type.</description></item><item><title>Microsoft Entra ID Conditional Access Bypass Detection: False Positive Reduction via Benign Status Code Watchlist</title><link>http://sentinelchangelog.net/posts/2026-04-14-pr-14016/</link><pubDate>Tue, 14 Apr 2026 10:34:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-14-pr-14016/</guid><description>New watchlist filters out 7 known-benign status codes from Conditional Access bypass detection to reduce false positives from legitimate MFA prompts and session expiration events.</description></item><item><title>Azure Security Benchmark Workbook: Parameter Filtering Logic Fixed</title><link>http://sentinelchangelog.net/posts/2026-04-13-pr-14039/</link><pubDate>Mon, 13 Apr 2026 13:36:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-13-pr-14039/</guid><description>KQL queries in the Azure Security Benchmark workbook now properly filter by selected compliance domains.</description></item><item><title>Microsoft Entra ID: Account Creation/Deletion Detection Enhanced Against Timing Evasion</title><link>http://sentinelchangelog.net/posts/2026-04-13-pr-14049/</link><pubDate>Mon, 13 Apr 2026 10:07:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-13-pr-14049/</guid><description>Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques.</description></item><item><title>Azure Security Benchmark: Updated Labels to Microsoft Cloud Security Benchmark</title><link>http://sentinelchangelog.net/posts/2026-04-10-pr-14007/</link><pubDate>Fri, 10 Apr 2026 07:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-10-pr-14007/</guid><description>Replaced &amp;ldquo;Azure Security Benchmark&amp;rdquo; references with &amp;ldquo;Microsoft cloud security benchmark&amp;rdquo; across workbook labels and KQL queries.</description></item><item><title>ASIM AlertEvent Parser: Microsoft Defender XDR Missing AlertOriginalStatus Field Restored</title><link>http://sentinelchangelog.net/posts/2026-04-02-pr-13970/</link><pubDate>Thu, 02 Apr 2026 16:47:47 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-02-pr-13970/</guid><description>Critical data fidelity fix restores missing AlertOriginalStatus field in Microsoft Defender XDR ASIM AlertEvent parser, resolving alert status visibility gap.</description></item><item><title>Microsoft Security Copilot Solution Released to General Availability</title><link>http://sentinelchangelog.net/posts/2026-04-02-pr-13976/</link><pubDate>Thu, 02 Apr 2026 10:15:51 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-02-pr-13976/</guid><description>Microsoft Security Copilot solution v3.0.2 transitions from preview to GA with connector availability status updated.</description></item><item><title>Microsoft A365 Observability Connector: Explicit SecurityAdmin Requirement Removed</title><link>http://sentinelchangelog.net/posts/2026-04-01-pr-13956/</link><pubDate>Wed, 01 Apr 2026 05:30:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-01-pr-13956/</guid><description>Microsoft removed the explicit SecurityAdmin requirement from the A365 Observability connector, but GlobalAdmin — the highest privilege level in Azure AD — is still required. This is not a reduction in required privilege.</description></item><item><title>Microsoft Security Copilot: Six New Detections for AI Assistant Abuse</title><link>http://sentinelchangelog.net/posts/2026-03-27-pr-13735/</link><pubDate>Fri, 27 Mar 2026 05:01:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-27-pr-13735/</guid><description>New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors.</description></item><item><title>Microsoft Copilot Connector: Updated Product Scope Description</title><link>http://sentinelchangelog.net/posts/2026-03-20-pr-13842/</link><pubDate>Fri, 20 Mar 2026 07:56:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-20-pr-13842/</guid><description>Clarifies connector description to specify M365 Copilot and Security Copilot coverage alongside general improvements.</description></item><item><title>A365 Observability Connector: New AI Agent Telemetry Visibility in Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-03-17-pr-13715/</link><pubDate>Tue, 17 Mar 2026 07:07:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-17-pr-13715/</guid><description>New data connector for AI agent behavior monitoring brings telemetry from A365, AI Foundry, and Copilot into Microsoft Sentinel for security investigations.</description></item><item><title>Microsoft Entra ID Assets: Device and Organizational Contact Visibility Expansion</title><link>http://sentinelchangelog.net/posts/2026-03-11-pr-13766/</link><pubDate>Wed, 11 Mar 2026 05:07:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-11-pr-13766/</guid><description>Two new asset tables (EntraDevices, EntraOrgContacts) added to Microsoft Entra ID connector for BloodHound graph building and complete asset enumeration.</description></item><item><title>Azure DevOps Auditing Solution: Description Text Cleanup and Repackaging</title><link>http://sentinelchangelog.net/posts/2026-01-22-pr-13488/</link><pubDate>Thu, 22 Jan 2026 11:11:47 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-22-pr-13488/</guid><description>Azure DevOps Auditing solution repackaged with updated description removing outdated streaming configuration text references.</description></item><item><title>Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update</title><link>http://sentinelchangelog.net/posts/2026-01-22-pr-13485/</link><pubDate>Thu, 22 Jan 2026 11:09:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-22-pr-13485/</guid><description>Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions.</description></item><item><title>Microsoft Defender XDR: Teams Hunting Queries Version Number Fix</title><link>http://sentinelchangelog.net/posts/2026-01-22-pr-13205/</link><pubDate>Thu, 22 Jan 2026 06:09:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-22-pr-13205/</guid><description>Corrected malformed version numbers in Microsoft Teams threat hunting queries from invalid &amp;ldquo;l.0.0&amp;rdquo; to proper &amp;ldquo;1.0.0&amp;rdquo; format.</description></item><item><title>Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes</title><link>http://sentinelchangelog.net/posts/2026-01-21-pr-13480/</link><pubDate>Wed, 21 Jan 2026 13:39:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-21-pr-13480/</guid><description>Updated outdated links and corrected MITRE ATT&amp;amp;CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions.</description></item><item><title>Microsoft Copilot Connector — Critical Table Name Update from LLMActivity to CopilotActivity</title><link>http://sentinelchangelog.net/posts/2025-12-16-pr-13272/</link><pubDate>Tue, 16 Dec 2025 04:58:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-12-16-pr-13272/</guid><description>Microsoft Copilot connector fixes critical table reference issue, standardizing on official CopilotActivity table name across all components.</description></item><item><title>ASIM Authentication Parsers: Hostname Resolution and Alias Fixes</title><link>http://sentinelchangelog.net/posts/2025-12-03-pr-13232/</link><pubDate>Wed, 03 Dec 2025 21:11:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-12-03-pr-13232/</guid><description>Fixes SrcHostname resolution logic and IpAddr aliases in Microsoft Windows Event and SSH authentication parsers.</description></item></channel></rss>