{"id":15024,"date":"2026-02-19T04:03:29","date_gmt":"2026-02-18T19:03:29","guid":{"rendered":"https:\/\/m365jp.net\/?p=15024"},"modified":"2026-02-19T04:06:10","modified_gmt":"2026-02-18T19:06:10","slug":"mc1234542-retirement-of-suspected-identity-theft-pass-the-ticket-classic-alert","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-02-19-mc1234542-retirement-of-suspected-identity-theft-pass-the-ticket-classic-alert","title":{"rendered":"MC1234542 | Retirement of \u201cSuspected identity theft (pass-the-ticket)\u201d classic alert"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1234542 | Retirement of \u201cSuspected identity theft (pass-the-ticket)\u201d classic alert<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>02\/18\/2026 18:21:24<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>02\/18\/2026 18:20:53<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>04\/22\/2026 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2026-03-16T07:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p><b>[Introduction]<\/b><\/p>\n<p>To streamline our alert catalog and focus investment on our unified Microsoft Defender XDR detection capabilities, we\u2019re retiring the \u201cSuspected identity theft (pass\u2011the\u2011ticket)\u201d classic alert (External ID: 2018). This retirement aligns with our move toward   consolidated XDR alerting and improved detection fidelity. <\/p>\n<p>We recommend using the \u201cPass\u2011the\u2011Ticket (PtT) attack\u201d alert (Detector ID: xdr_PassTheTicketAttack), where ongoing development and enhancements will continue.<\/p>\n<p><b>[When this will happen]<\/b><\/p>\n<p>We\u2019ll retire the classic alert between <b>March 18, 2026<\/b> and <b>March 22, 2026<\/b>.<\/p>\n<p><b>[How this affects your organization]<\/b><\/p>\n<p>Who is affected:<\/p>\n<ul>\n<li>Organizations using Microsoft Defender for Identity within Microsoft Defender XDR services.<\/li>\n<li>Security operations teams and administrators who rely on classic alerting.<\/li>\n<\/ul>\n<p>What will happen:<\/p>\n<ul>\n<li>The \u201cSuspected identity theft (pass\u2011the\u2011ticket)\u201d classic alert (External ID: 2018) will stop generating new alerts after retirement.<\/li>\n<li>Existing historical alerts will remain accessible in your environment.<\/li>\n<li>The \u201cPass\u2011the\u2011Ticket (PtT) attack\u201d XDR detector (ID: xdr_PassTheTicketAttack) will continue to operate and should be used going forward.<\/li>\n<li>No changes will be made to user experiences outside security operations.<\/li>\n<\/ul>\n<p><b>[What you can do to prepare]<\/b><\/p>\n<p>No admin action is required for this change, but we recommend the following to ensure continuity in your security workflows:<\/p>\n<ul>\n<li>Update alert triage processes, workflows, and automation to reference the XDR detector IDs.<\/li>\n<li>Reconfigure alert exclusions or tuning rules using<b> XDR Alert Tuning<\/b>.<\/li>\n<li>Notify security and operations teams of the upcoming retirement.<\/li>\n<li>Update internal documentation to reference the new alert name and detector ID.<\/li>\n<li>Review Microsoft documentation for configuring XDR Alert Tuning.<\/li>\n<\/ul>\n<p><b>[Compliance considerations]<\/b><\/p>\n<p>No compliance considerations identified. Review as appropriate for your organization.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1234542 | Retirement of \u201cSuspected identity theft (pass-the-ticket)\u201d classic alert Classification planForCha [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15024","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/15024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=15024"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/15024\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=15024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=15024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=15024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}