“Behaviors” data type in Microsoft Defender for Cloud Apps

June 2025
“Behaviors” data type in Microsoft Defender for Cloud Apps - General Availability
The Behaviors data type significantly enhances overall threat detection accuracy by reducing alerts on generic anomalies and surfacing alerts only when observed patterns align with real security scenarios. You can now use Behaviors to conduct investigations in Advanced Hunting, build better custom detections based on behavioral signals, and benefit from automatic inclusion of context-related behaviors into incidents. This provides clearer context and helps security operations teams to reduce alert fatigue, prioritize, and respond more efficiently.

New Dynamic Threat Detection model
Microsoft Defender for Cloud Apps new dynamic threat detection model continuously adapts to the ever-changing SaaS apps threat landscape. This approach ensures your organization remains protected with up-to-date detection logic without the need for manual policy updates or reconfiguration. Several legacy anomaly detection policies have already been seamlessly transitioned to this adaptive model, delivering smarter and more responsive security coverage.