🚀🚀 Weekly Microsoft Security Update -March 27, 2026 🚀🚀

00:00-Introduction 00:33-Microsoft Defender for Identity: MDI alerts migrated to the unified Defender alerting experience 02:37-Microsoft New Health Alert: Sensor v3.x RPC Audit misconfigured 04:59-Microsoft Defender for Identity: Identity inventory enhancements 06:41-Microsoft Defender for Identity: Identity inventory enhancements -2 09:00-Microsoft Defender for Identity: Identity inventory enhancements- 3 10:45-Defender for Identity: Automatic Windows event auditing configuration for sensors v3.x 13:11-Thank You. 1) Microsoft Defender for Identity: MDI alerts migrated to the unified Defender alerting experience Microsoft is migrating Defender for Identity alerts to the unified Defender XDR experience. This brings MDI alerts into a consistent, centralized alerting model across Defender products—making investigation and response more efficient for SOC teams Reference a. https://learn.microsoft.com/en-us/defender-for-identity/alerts-xdr 2) Microsoft New Health Alert: Sensor v3.x RPC Audit misconfigured New health alert in Microsoft Defender for Identity helps detect v3.x sensors with missing or misconfigured Enhanced RPC auditing—required for some advanced identity detections. Gradual rollout in progress. Reference a. https://learn.microsoft.com/en-us/defender-for-identity/deploy/prerequisites-sensor-version-3#configure-rpc-auditing b. https://learn.microsoft.com/en-us/defender-for-identity/health-alerts 3) Microsoft Defender for Identity: Identity inventory enhancements : Identity Inventory now includes a new Accounts tab, providing a unified view of all accounts linked to an identity across Active Directory, Microsoft Entra ID, and supported non‑Microsoft IdPs. Admins can also manually link or unlink accounts directly from the inventory, improving identity visibility and investigation accuracy Reference a. https://learn.microsoft.com/en-us/defender-for-identity/manage-related-identities-accounts 4) Microsoft Defender for Identity update: Identity Inventory now supports identity‑level remediation actions, allowing security teams to disable accounts or reset passwords across one or more accounts linked to an identity—directly from the inventory. A strong step toward faster and more centralized identity response Reference a. https://learn.microsoft.com/en-us/defender-for-identity/remediation-actions#supported-actions 5) Microsoft Defender for Identity update: Advanced Hunting now includes a new IdentityAccountInfo table, providing enriched account details from sources like Microsoft Entra ID and linking accounts directly to their owning identities. This enhances identity visibility and hunting across environments Reference a. https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-identityaccountinfo-table 6) Defender for Identity: Automatic Windows event auditing configuration for sensors v3.x Microsoft Defender for Identity update: Sensors v3.x now support automatic Windows event‑auditing configuration, helping ensure required auditing is correctly set for identity detections. The feature includes related health alerts and can be enabled under System → Settings → Identities → Advanced Features. Reference https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-windows-event-collection#configure-defender-for-identity-to-collect-windows-events-automatically-preview #MicrosoftDefender #DefenderForIdentity #IdentitySecurity #XDR #CyberSecurity #SOC #ZeroTrust #MicrosoftSecurity