MC1190195: Upcoming Changes to Entra Identity Protection Alert Settings in Defender XDR

Summary

  • Microsoft Defender XDR will offer enhanced configuration options for Entra ID Protection alerts to improve clarity and control.
  • New options will allow admins to choose alert ingestion based on risk levels: High risk, High + Medium risk, or All detections.
  • Default alert ingestion setting will change to only include High severity alerts, potentially reducing alert volume.
  • Updated UI strings and visuals will enhance clarity and usability for admins.
  • No immediate action is required, but admins can explore new options starting December 11, 2025.

Admin Impact: Medium
User Impact: Low
Release Start: 11 Dec 2025
Release End: 11 Dec 2025
Services: Defender XDR
Category: Stay informed
Tags: Feature Update, User Adoption, Admin Action

History

11/26/2025 Item Added to Message Center

Microsoft Message

Introduction

To improve alert clarity and reduce fatigue, Microsoft Defender XDR is introducing enhanced configuration options for identity-related alerts from Entra ID Protection. These updates are based on customer feedback requesting more granular control over risk-based alerting.

When this will happen

This change will begin rolling out as a public preview starting December 11, 2025.

How this affects your organization

Who is affected: Admins using Microsoft Defender XDR with Entra ID Protection.

What will happen:

  • New alert configuration options will be available in the Defender XDR portal.
  • Alert ingestion logic will now be explicitly tied to Entra ID Protection risk levels.
  • Admins can choose which alerts to ingest into Defender XDR based on:
    • High risk detections only
    • High + Medium risk detections
    • All detections
  • Updated UI strings and visuals will improve clarity and usability.
  • The default setting is changing from ingesting alerts of all severities to ingesting only alerts with severity = High. As a result, you may notice a reduction in alert volume, and some alert types will no longer be ingested into Defender XDR. You can always change the default setting to any of the other options – High + Medium or All detections, according to your organization’s needs.

What you can do to prepare

  • No immediate action is required.
  • If you wish to explore the new configuration options:
    • Visit the Microsoft Defender XDR portal after December 11, 2025.
    • Review and adjust alert settings based on your organization’s risk tolerance.
    • Share this update with your security operations team.
    • Learn more: Microsoft Defender XDR alert settings

Compliance considerations

No compliance considerations identified; review as appropriate for your organization.