{"id":11665,"date":"2025-05-20T04:01:27","date_gmt":"2025-05-19T19:01:27","guid":{"rendered":"https:\/\/m365jp.net\/?p=11665"},"modified":"2025-05-20T04:04:26","modified_gmt":"2025-05-19T19:04:26","slug":"mc1052160-updated-microsoft-defender-xdr-services-changes-to-the-identityinfo-table-in-advanced-hunting","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-05-20-mc1052160-updated-microsoft-defender-xdr-services-changes-to-the-identityinfo-table-in-advanced-hunting","title":{"rendered":"MC1052160 | (Updated) Microsoft Defender XDR services: Changes to the IdentityInfo table in Advanced Hunting"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1052160 | (Updated) Microsoft Defender XDR services: Changes to the IdentityInfo table in Advanced Hunting<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>05\/19\/2025 18:09:41<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>04\/10\/2025 01:43:17<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>08\/29\/2025 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>Updated May 19, 2025: We have updated the content. Thank you for your patience.<\/p>\n<p>Coming soon: We will unify the Microsoft Defender for Identity (MDI) and Microsoft Sentinel  <code>IdentityInfo<\/code> tables in Advanced Hunting into a single table.<\/p>\n<p>With this unification, we are adding new identity attributes from the Sentinel UEBA service while also adjusting to support third-party Identity Providers (IDPs). Some of these updates include breaking changes, which may require you to update your existing   queries.  
<\/p>\n<p>[When this will happen:]<\/p>\n<p>General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early May 2025 and expect to complete by late May 2025.<\/p>\n<p>[How this will affect your organization:]<\/p>\n<p>After this rollout, identity-related insights will be enriched with these new columns:<\/p>\n<table>\n<tbody>\n<tr>\n<th>Column name<\/th>\n<th>Type<\/th>\n<th>Description<\/th>\n<th>Comment<\/th>\n<\/tr>\n<tr>\n<td>\n<p><code>OnPremObjectId<\/code><\/p>\n<\/td>\n<td>String<\/td>\n<td>Active Directory object ID of the user<\/td>\n<td>New column<\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>TenantMembershipType<\/code><\/p>\n<\/td>\n<td>String<\/td>\n<td>\n<p>User type in Microsoft Entra ID. Possible values: <code>Guest<\/code>, <code>Member<\/code><\/p>\n<\/td>\n<td>New column<\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>RiskStatus<\/code><\/p>\n<\/td>\n<td>String<\/td>\n<td>\n<p>Status of the user&#8217;s risk. Possible values: <code>None<\/code>, <code>ConfirmedSafe<\/code>, <code>Remediated<\/code>, <code>Dismissed<\/code>, <code>AtRisk<\/code>, <code>ConfirmedCompromised<\/code>, <code>UnknownFutureValue<\/code><\/p>\n<\/td>\n<td>New column<\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>UserAccountControlSettings<\/code><\/p>\n<\/td>\n<td>Dynamic<\/td>\n<td>Security attributes of the user account in Active Directory<\/td>\n<td>New column<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>To help you <b>adjust existing queries,<\/b> this table shows how Sentinel UEBA fields map to the new unified <code>IdentityInfo<\/code> table\u2019s schema:<\/p>\n<table>\n<tbody>\n<tr>\n<th>Sentinel UEBA Column<\/th>\n<th>Unified <code>IdentityInfo<\/code> Column<\/th>\n<th>Comments<\/th>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountCloudSID<\/code><\/p>\n<\/td>\n<td>\n<p><code>CloudSid<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountSID<\/code><\/p>\n<\/td>\n<td>\n<p><code>OnPremSid<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountCreationTime<\/code><\/p>\n<\/td>\n<td>\n<p><code>CreatedDateTime<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountDisplayName<\/code><\/p>\n<\/td>\n<td>\n<p><code>AccountDisplayName<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountDomain<\/code><\/p>\n<\/td>\n<td>\n<p><code>AccountDomain<\/code><\/p>\n<\/td>\n<td>Values might be different<\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountName<\/code><\/p>\n<\/td>\n<td>\n<p><code>AccountName<\/code><\/p>\n<\/td>\n<td>Values might be different<\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountTenantId<\/code><\/p>\n<\/td>\n<td>\n<p><code>TenantId<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AccountUPN<\/code><\/p>\n<\/td>\n<td>\n<p><code>AccountUpn<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>AdditionalMailAddresses<\/code><\/p>\n<\/td>\n<td>\n<p><code>OtherMailAddresses<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>MailAddress<\/code><\/p>\n<\/td>\n<td>\n<p><code>EmailAddress<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>OnPremisesDistinguishedName<\/code><\/p>\n<\/td>\n<td>\n<p><code>DistinguishedName<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>SAMAccountName<\/code><\/p>\n<\/td>\n<td>\n<p><code>AccountName<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>StreetAddress<\/code><\/p>\n<\/td>\n<td>\n<p><code>Address<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>UserType<\/code><\/p>\n<\/td>\n<td>\n<p><code>TenantMembershipType<\/code><\/p>\n<\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><i>Breaking Changes<\/i><\/p>\n<p>Changes to support third-party identity providers (IDPs):<\/p>\n<ul>\n<li>To accommodate third-party IDPs, we are modifying these existing columns:<\/li>\n<\/ul>\n<table>\n<tbody>\n<tr>\n<th>Column Name<\/th>\n<th>Type<\/th>\n<th>Change<\/th>\n<\/tr>\n<tr>\n<td>\n<p><code>IdentityEnvironment<\/code><\/p>\n<\/td>\n<td>String<\/td>\n<td>\n<p>Replaces the <code>SourceProvider<\/code> 
column. Specifies now the environment where the identity is used. Possible values: <code>CloudOnly<\/code>, <code>Hybrid<\/code>, <code>On-premises<\/code><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><code>SourceProviders<\/code><\/p>\n<\/td>\n<td>Dynamic<\/td>\n<td>\n<p>New column listing identity sources. Possible values: <code>ActiveDirectory<\/code>, <code>EntraID<\/code>, <code>Okta<\/code><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[What you need to do to prepare:]<\/p>\n<p>To ensure a smooth transition, we recommend you:<\/p>\n<ul>\n<li>Review the new columns and their impact on your security workflows.<\/li>\n<li>Prepare to update and adjust any queries, custom alert rules, playbooks, workbooks, watchlists or automations that reference the <code>IdentityInfo<\/code> table and would be impacted by the changes.<\/li>\n<li>You may also want to update any relevant internal documentation you might have.<\/li>\n<\/ul>\n<p>This rollout will happen automatically by the specified dates with no admin action required before the rollout.<\/p>\n<p>Learn more:<\/p>\n<ul>\n<li><a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/advanced-hunting-identityinfo-table\" target=\"_blank\">IdentityInfo table in the advanced hunting schema &#8211; Microsoft Defender XDR | Microsoft Learn<\/a><\/li>\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoftsentinelblog\/the-power-of-a-unified-siemxdr-identityinfo-schema\/4410824\" target=\"_blank\">The Power of a Unified SIEM+XDR IdentityInfo Schema | Microsoft Community Hub<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1052160 | (Updated) Microsoft Defender XDR services: Changes to the IdentityInfo table in Advanced Hunting C 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11665","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/11665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=11665"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/11665\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=11665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=11665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=11665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}