Identity Security Insights 24.11 release notes
November 5, 2024
New Features
Defend larger environments by using Azure Event Hub to set up the Insights Microsoft Azure Connector
We've added the option to set up our Microsoft Azure Connector using Microsoft's Azure Event Hub, which changes the existing pull mechanism to a push-based approach for importing sign-in log events into Insights.
This option solves the rate-limits challenge when retrieving logs in large environments with over 100,000 users. Integrating these logs allows Insights to more effectively correlate data and deliver detections and recommendations.
Note
For more information, see Microsoft Azure.
Enhancements
We've replaced the Privileged Account tile on your Insights Home page with a new True Privileged Accounts tile that displays your total number of accounts with a privilege level of Highest and High.
- Direct paths: The clear permissions of an account (such as a user with an admin role directly within an application or system)
- Indirect paths: The paths that occur when an account gains extra access through a connection (such as a user within a group with admin rights, but the user does not hold a role of admin).
Note
For more information, see Tenant console.
You can now sort search results by privilege level on the Accounts and Detections pages with two new columns:
- Direct privilege column: Sorts data by direct privileges, which are the inherent rights of an account. Use this data to review and, if necessary, take action on the direct privileges across your accounts.
- True Privilege column: Sorts data by True Privilege, which is the full scope of access an account could potentially gain by escalation. This data helps you see what detections and recommendations put highly privileged accounts at risk.
These column filter values include Highest, High, Moderate, Low, None, Undetermined.
Note
For more information, see Accounts and Detections.