MC1019307 - Microsoft Defender XDR services: New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting

New LDAP query events will be added to the IdentityQueryEvents table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in early March 2025 and expect to complete by mid-March 2025.

How this will affect your organization:

This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.

This update is available by default. 

What you need to do to prepare:

We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.

More information: Create and manage custom detection rules in Microsoft Defender XDR