MC1019307 - Microsoft Defender XDR services: New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting

Service: Microsoft Defender XDR

Last Updated: Mar 4, 2025

Published: Feb 28, 2025

Tags: Feature update, Admin impact

Summary

New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting in March 2025, potentially increasing activity and alerts. Review and adjust custom detections as needed. More information is available [here](https://learn.microsoft.com/defender-xdr/custom-detection-rules).

More information

New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in early March 2025 and expect to complete by mid-March 2025.

How this will affect your organization:

This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.

This update is available by default. 

What you need to do to prepare:

We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.

More information: Create and manage custom detection rules in Microsoft Defender XDR
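
One way to carry out the review recommended above is to measure how much LDAP query volume in `IdentityQueryEvents` changed around the rollout before adjusting any rule thresholds. The query below is an added example, not part of the original Microsoft notice; the `rolloutStart` date and the `"LDAP query"` action type value are assumptions to confirm against your own tenant's data.

```kusto
// Added example: compare average daily LDAP query volume before and after the rollout.
// Assumption: rolloutStart approximates "early March 2025"; set it to the date
// the new events first appeared in your tenant.
let rolloutStart = datetime(2025-03-01);
IdentityQueryEvents
| where Timestamp > ago(30d)
// Assumption: LDAP searches are recorded with this ActionType value.
| where ActionType == "LDAP query"
| extend Period = iff(Timestamp < rolloutStart, "before", "after")
// Daily counts first, so the averages below are per-day figures.
| summarize Events = count(), Sources = dcount(DeviceName)
    by Period, QueryType, Day = bin(Timestamp, 1d)
| summarize AvgDailyEvents = avg(Events),
            MaxDailyEvents = max(Events),
            AvgDailySources = avg(Sources)
    by Period, QueryType
| order by QueryType asc, Period desc
```

Query types that appear only in the "after" period, or whose daily average rises sharply, point to the custom detections whose filters or thresholds are worth revisiting first.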