(Preview) Advanced hunting now lets you investigate Microsoft Defender for Cloud behaviors.

August 2025

• (GA) Microsoft Defender Experts for XDR and Microsoft Defender Experts for Hunting customers can now expand their service coverage to include server and cloud workloads protected by Microsoft Defender for Cloud through the respective add-ons, Microsoft Defender Experts for Servers and Microsoft Defender Experts for Hunting - Servers. Learn more
• (GA) Defender Experts for XDR customers can now incorporate third-party network signals for enrichment, which could allow our security analysts to not only gain a more comprehensive view of an attack's path that allows for faster and more thorough detection and response, but also provide customers with a more holistic view of the threat in their environments.
• (GA) In advanced hunting, you can now view all your user-defined rules—both custom detection rules and analytics rules—in the Detection rules page. This feature also brings the following improvements:
• You can now filter for every column (in addition to Frequency and Organizational scope).
• For multiworkspace organizations that have onboarded multiple workspaces to Microsoft Defender, you can now view the Workspace ID column and filter by workspace.
• You can now view the details pane even for analytics rules.
• You can now perform the following actions on analytics rules: Turn on/off, Delete, Edit.
• (Preview) In advanced hunting, the number of query results displayed in the Microsoft Defender portal has been increased to 100,000.
• (Preview) The CloudStorageAggregatedEvents table in advanced hunting is now available for preview. This table contains information about storage activity and related events.
• (Preview) Advanced hunting now lets you investigate Microsoft Defender for Cloud behaviors. For more information, see Investigate behaviors with advanced hunting.