You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-for-identity/whats-new.md
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,14 @@ For updates about versions and features released six months ago or earlier, see
25
25
26
26
## November 2025
27
27
28
+
Defender for Identity now offers an opt-in automatic event-auditing configuration for unified sensors (V3.x). This feature streamlines deployment by automatically applying required Windows auditing settings to new sensors and fixing misconfigurations on existing ones. Admins can enable the option in the Defender for Identity Settings -> Advanced Features or via Graph API. The capability and its related health alerts will roll out globally beginning mid-November 2025.
29
+
**Releated Health alerts:**
30
+
- NTLM Auditing is not enabled
31
+
- Directory Services Advanced Auditing is not enabled as required
32
+
- Directory Services Object Auditing is not enabled as required
33
+
- Auditing on the Configuration container is not enabled as required
34
+
- Auditing on the ADFS container is not enabled as required
35
+
28
36
### New security posture assessment: Change password for on-prem account with potentially leaked credentials (Preview)
29
37
30
38
The new security posture assessment lists users whose valid credentials have been leaked. For more information, see: [Change password for on-prem account with potentially leaked credentials (Preview)](/defender-for-identity/security-posture-assessments/accounts#change-password-for-on-prem-account-with-potentially-leaked-credentials-preview)
0 commit comments