We’re improving the pipeline of Identity-related tables in Microsoft 365 Defender Advanced hunting. This change is designed to improve the latencies for identity-related data, bringing the delay times to a minimum.
[When this will happen:]
We will roll this change out on August 27, 2023.
[How this will affect your organization:]
As part of the change, the way we generate the ReportId column for the following Identity tables has also changed:
- IdentityLogonEvents
- IdentityQueryEvents
- IdentityDirectoryEvents
After August 27th, 2023, Defender for Identity events that were previously streamed from Advanced hunting will show a mismatch in the ReportId value. There should be no other noticeable changes.
[What you need to do to prepare:]
There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.
