Identity hunting with an enhanced IdentityInfo table

by Or Tsemah

Advanced hunting with an enhanced IdentityInfo table

Back in June 2023, we announced the enhanced IdentityInfo table in Microsoft 365 advanced hunting for Microsoft Defender for Identity customers. Today, we are expanding the availability of this table for all Microsoft defender for Cloud apps customers as part of our journey to enable this experience for all Microsoft 365 Defender customers.

thumbnail image 1 of blog post titled 
	
	
	 
	
	
	
				
		
			
				
						
							Identity hunting with an enhanced IdentityInfo table

What do I get?

With this new table, security analysts have much broader experience with identity-based hunting, allowing them to query more attributes from all detected providers, such as Entra ID assigned roles or Defender for Identity Sensitivity tags for on-premises Active Directory identities, to further enhance their experience and create new powerful queries and custom detections.

Do I need to do anything?

No, the new updated table will appear for all Defender for Identity and cloud apps automatically.

Where can I learn more?

You can view the updated schema details here.

What’s next?

We are constantly working on expanding the available schema with more attributes, stay tuned.