Microsoft 365 Message Center Archive

MC1187390 - Unified sensor (v3.x) – new Remote Procedure Call (RPC) configuration health alert for Microsoft Defender for Identity

Message ID

MC1187390

View in Message Center

Service

Microsoft Defender XDR

Last Updated

Nov 19, 2025

Published Nov 17, 2025

Tag

Updated message
New feature
Admin impact

Summary

Microsoft Defender for Identity will roll out a new RPC Configuration Health Alert for v3.x sensors starting January 2026. It monitors RPC settings, improves detection accuracy, and uses the Unified Sensor RPC Audit tag for configuration enforcement and visibility in Device Inventory and Advanced Hunting.

More information

Updated November 19, 2025: We have updated the timeline. Thank you for your patience.

Introduction

We’re introducing a new Remote Procedure Call (RPC) Configuration Health Alert for sensors v3.x in Microsoft Defender for Identity. This capability proactively monitors RPC configuration across your environment, helping administrators quickly identify and remediate misconfigurations that could impact detection accuracy or security posture. Additionally, applying the Unified Sensor RPC Audit tag enables advanced identity detections, improving security visibility and unlocking additional detection capabilities.

When this will happen:

General availability (Production, GCC, GCCH): We will begin rolling out early January 2026 (previously early December 2025) and expect to complete by mid-January 2026 (previously mid-December 2025).

How this affects your organization:

  • Who is affected: Admins managing Microsoft Defender for Identity v3.x sensors.
  • What will happen:
    • A new health alert will monitor RPC configuration status on v3.x sensors.
    • Applying the Unified Sensor RPC Audit tag will enforce configuration on existing and future v3.x sensors that match rule criteria.
    • The tag will be visible in Device Inventory and Advanced Hunting, providing transparency and auditing capabilities.
    • This feature improves detection accuracy and overall security coverage.

What you can do to prepare:

To apply the RPC Audit tag on your v3.x sensors:

  1. In the Microsoft Defender portal, navigate to: System > Settings > Microsoft Defender XDR > Asset Rule Management.
  2. Select Create a new rule.
  3. Enter a Rule name and Description, then set conditions using Device name, Domain, or Device tag. Ensure the Defender for Identity v3.x sensor is deployed on targeted devices.
  4. Add the tag Unified Sensor RPC Audit.
  5. Review and submit the rule.
For more details, refer to Microsoft Defender for Identity documentation.

Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.