← Back
Unified sensor (v3.x) – new Remote Procedure Call (RPC) configuration health alert for Microsoft Defender for Identity
MC1187390 · build prod-20251231-200323
Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-11-19 17:30:54
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
2026-01-01 00:00:00
Services
Microsoft Defender XDR
Tags
Updated message, New feature, Admin impact
Master tags
Security
Roadmap IDs

One-line summary

Defender for Identity adds RPC Configuration Health Alert for v3.x sensors, enabling proactive misconfiguration detection and advanced identity detections via the Unified Sensor RPC Audit tag.

Similar updates

More like this
MC1193410 Automatic Windows event auditing configuration availability for unified sensors (V3.x)
Automatic Windows event auditing configuration availability for unified sensors (V3.x) A new opt-in feature in Defender for Identity unified sensors (v3.x) will automate Windows event-auditing configuration, simplifying deployment and ensuring consistent policy enforcement starting January 2026. [Introduction] We’re introducing a new opt-in.
MC1187403 (Updated) Automatic Windows event auditing configuration now available for unified sensors (V3.x)
(Updated) Automatic Windows event auditing configuration now available for unified sensors (V3.x) A new opt-in feature for automatic event-auditing configuration in Defender for Identity unified sensors (V3.x) will be available starting mid-December 2025, simplifying deployment and policy enforcement. Updated November 19, 2025: We have updated.
MC1179155 (Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score
(Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score Microsoft Secure Score adds new improvement actions based on Defender for Identity, recommending password changes for on-prem accounts with leaked credentials; rollout starts early Nov 2025. Introduction To help organizations better assess and improve.
MC1187386 Microsoft Defender for Identity alerts transitioning to XDR-based detection platform
Microsoft Defender for Identity alerts transitioning to XDR-based detection platform Defender for Identity classic alerts will shift to the XDR detection platform starting mid-December 2025; update workflows and alert exclusions to use new XDR Detector IDs. [Introduction] Microsoft Defender for Identity classic alerts will transition to the XDR.
MC1169078 Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities
Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities Defender for Cloud Apps expands dynamic threat detection, replacing legacy policies with new, research-driven detections; rollout starts early November 2025 and completes by end of November. [Introduction:] To improve threat detection accuracy and responsiveness,.
MC992217 (Updated) Microsoft Defender: Changes to Defender for Cloud Apps alerts
(Updated) Microsoft Defender: Changes to Defender for Cloud Apps alerts Defender for Cloud Apps alerts in Defender XDR will update alert source fields and alert ID prefixes for new alerts, affecting APIs, SIEM, and custom automations; rollout completes by late June 2025. Coming soon for Microsoft Defender for Cloud Apps: A change to alerts.

Details

Summary
Microsoft Defender for Identity will roll out a new RPC Configuration Health Alert for v3.x sensors starting January 2026. It monitors RPC settings, improves detection accuracy, and uses the Unified Sensor RPC Audit tag for configuration enforcement and visibility in Device Inventory and Advanced Hunting.

Body (from Message Center)

Updated November 19, 2025: We have updated the timeline. Thank you for your patience.

[Introduction]

We’re introducing a new Remote Procedure Call (RPC) Configuration Health Alert for sensors v3.x in Microsoft Defender for Identity. This capability proactively monitors RPC configuration across your environment, helping administrators quickly identify and remediate misconfigurations that could impact detection accuracy or security posture. Additionally, applying the Unified Sensor RPC Audit tag enables advanced identity detections, improving security visibility and unlocking additional detection capabilities.

[When this will happen:]

General availability (Production, GCC, GCCH): We will begin rolling out early January 2026 (previously early December 2025) and expect to complete by mid-January 2026 (previously mid-December 2025).

[How this affects your organization:]

  • Who is affected: Admins managing Microsoft Defender for Identity v3.x sensors.
  • What will happen:
    • A new health alert will monitor RPC configuration status on v3.x sensors.
    • Applying the Unified Sensor RPC Audit tag will enforce configuration on existing and future v3.x sensors that match rule criteria.
    • The tag will be visible in Device Inventory and Advanced Hunting, providing transparency and auditing capabilities.
    • This feature improves detection accuracy and overall security coverage.

[What you can do to prepare:]

To apply the RPC Audit tag on your v3.x sensors:

  1. In the Microsoft Defender portal, navigate to: System > Settings > Microsoft Defender XDR > Asset Rule Management.
  2. Select Create a new rule.
  3. Enter a Rule name and Description, then set conditions using Device name, Domain, or Device tag. Ensure the Defender for Identity v3.x sensor is deployed on targeted devices.
  4. Add the tag Unified Sensor RPC Audit.
  5. Review and submit the rule.
For more details, refer to Microsoft Defender for Identity documentation.

[Compliance considerations:]

No compliance considerations identified; review as appropriate for your organization.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": "2026-01-01T00:00:00Z",
    "ai_actions": [
      "Review and apply Unified Sensor RPC Audit tag to v3.x sensors",
      "Create Asset Rule Management rules as needed"
    ],
    "ai_master_tags": [
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Defender for Identity adds RPC Configuration Health Alert for v3.x sensors, enabling proactive misconfiguration detection and advanced identity detections via the Unified Sensor RPC Audit tag.",
    "ai_topics": [
      "Defender"
    ],
    "category": "stayInformed",
    "details_map": {
      "Summary": "Microsoft Defender for Identity will roll out a new RPC Configuration Health Alert for v3.x sensors starting January 2026. It monitors RPC settings, improves detection accuracy, and uses the Unified Sensor RPC Audit tag for configuration enforcement and visibility in Device Inventory and Advanced Hunting."
    },
    "id": "MC1187390",
    "importance": 4,
    "is_major_change": false,
    "last_modified": "2025-11-19T17:30:54Z",
    "ms_products": [
      "Defender"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft Defender XDR"
    ],
    "severity": "normal",
    "tags": [
      "Updated message",
      "New feature",
      "Admin impact"
    ],
    "title": "Unified sensor (v3.x) \u2013 new Remote Procedure Call (RPC) configuration health alert for Microsoft Defender for Identity"
  }
}