Not a user yet?
Log in Register for free Suggest a product
Update

New API support for unified agent

Defender for IdentityDefender for Identity
Microsoft
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

September 2025
New API support for unified agent
We are excited to announce the availability of a new Graph-based API for managing unified agent server actions in Microsoft Defender for Identity. This capability is currently in preview and available in API Beta version.

This API allows customers to:

  • Monitor the status of unified agent servers
  • Enable or disable the automatic activation of eligible servers
  • Activate or deactivate the agent on eligible servers

Microsoft Defender for Identity sensor version updates

  • 2.248: The improved event log query method now captures a broader range of unique events at scale. As a result, you might notice an increase in captured activities. This update also delivers additional security enhancements and performance improvements.

Updates to multiple detections to reduce noise and improve alert accuracy

Several Defender for Identity detections are being updated to reduce noise and improve accuracy, making alerts more reliable and actionable. As the rollout continues, you may see a decrease in the number of alerts raised.

The improvements will gradually take effect across the following detections:

  • Suspicious communication over DNS
  • Suspected Netlogon privilege elevation attempt (CVE-2020-1472)
  • Honeytoken authentication activity
  • Remote code execution attempt over DNS
  • Suspicious password reset by Microsoft Entra Connect account
  • Data exfiltration over SMB
  • Suspected skeleton key attack (encryption downgrade)
  • Suspicious modification of Resource Based Constrained Delegation by a machine account
  • Remote code execution attempt

Unified connectors is now available for Okta Single Sign-On connectors (Preview)
Microsoft Defender for Identity supports the Unified connectors experience, starting with the Okta Single Sign-On connector. This enables Defender for Identity to collect Okta system logs once and share them across supported Microsoft security products, reducing API usage and improving connector efficiency.

For more information see: Connect Okta to Microsoft Defender for Identity (Preview)

Version: September 2025 Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft Defender for Identity updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Banner Logitech