Summary
- Enhanced configuration options for identity-related alerts in Microsoft Defender XDR will be introduced.
- Admins can customize alert ingestion based on risk levels, choosing between High-risk, High and Medium-risk, or all detections.
- The default setting will switch to ingesting only High-risk detections, potentially reducing alert volume.
- Updated user interface elements will enhance clarity and usability.
- No immediate action is required; adjustments can be made after the rollout.
Admin Impact: Medium
User Impact: Low
Release Start: 15 Feb 2026
Release End: 15 Feb 2026
Services: Defender XDR, Entra
Category: Stay informed
Tags: Feature Update, Admin Action
History
2/6/2026 Item Added to Message Center
Microsoft Message
Introduction
To help reduce alert fatigue and improve clarity, Microsoft Defender XDR is introducing enhanced configuration options for managing identity-related alerts originating from Entra ID Protection. These updates provide more granular control based on customer feedback requesting improved customization of risk-based alert ingestion.
When this will happen
General Availability (Worldwide): Rollout will begin in mid-February 2026 and complete by mid-February 2026.
How this affects your organization
Who is affected:
Admins using Microsoft Defender XDR with Entra ID Protection.
What will happen:
- New alert configuration options will be available in the Defender XDR portal.
- Alert ingestion will be explicitly tied to Entra ID Protection risk levels.
- Admins can choose to ingest:
  - Only High-risk detections
  - High and Medium-risk detections
  - All detections
- Updated UI strings and visuals will improve clarity and usability.
- The default setting is changing from ingesting all risk levels to ingesting only High-risk detections.
- You may notice a reduction in alert volume because some detection types will no longer be ingested under the new default.
- You can modify the setting at any time to align with your organization’s risk tolerance.
What you can do to prepare
No immediate action is required.
- After February 16, 2026, visit the Microsoft Defender XDR portal.
- Review and adjust identity alert ingestion settings based on your organization’s needs.
- Share this update with your security operations team.
- Review additional documentation when available.
Learn more: Microsoft Defender XDR alert settings
Compliance considerations
No compliance considerations identified; review as appropriate for your organization.