| MC1234542 | Retirement of “Suspected identity theft (pass-the-ticket)” classic alert |
|---|
| Classification | planForChange |
|---|---|
| Last Updated | 02/18/2026 18:21:24 |
| Start Time | 02/18/2026 18:20:53 |
| End Time | 04/22/2026 07:00:00 |
| Action Required By Date | 2026-03-16T07:00:00Z |
| Message Content |
[Introduction] To streamline our alert catalog and focus investment on our unified Microsoft Defender XDR detection capabilities, we’re retiring the “Suspected identity theft (pass‑the‑ticket)” classic alert (External ID: 2018). This retirement aligns with our move toward consolidated XDR alerting and improved detection fidelity. We recommend using the “Pass‑the‑Ticket (PtT) attack” alert (Detector ID: xdr_PassTheTicketAttack), where ongoing development and enhancements will continue. [When this will happen] We’ll retire the classic alert between March 18, 2026 and March 22, 2026. [How this affects your organization] Who is affected:
What will happen:
[What you can do to prepare] No admin action is required for this change, but we recommend the following to ensure continuity in your security workflows:
[Compliance considerations] No compliance considerations identified. Review as appropriate for your organization. |