Forum Discussion
Defender for Identity health issues
When will the issues/alerts from Defender for Identity sensors be available to view via advanced hunting instead of the Graph API and "/security/identities/healthIssues"?
1 Reply
- Jovansavage (Brass Contributor)
There is currently no dedicated advanced hunting table specifically for Defender for Identity sensor health issues.
Current State
Right now, Defender for Identity health issues are only accessible through:
- The Microsoft Defender XDR portal UI (under Identities > Health issues)
- The Microsoft Graph API endpoint you mentioned (/security/identities/healthIssues)
What's Available in Advanced Hunting
The advanced hunting schema includes several identity-related tables, but none specifically for health issues:
- IdentityInfo - Account information from various sources including Microsoft Entra ID
- IdentityDirectoryEvents - Events from on-premises domain controllers
- IdentityLogonEvents - Authentication events
- IdentityQueryEvents - Queries for Active Directory objects
While the documentation mentions that entity tables include "health status and tags" for devices and users, there's no specific table for sensor health issues or alerts.
Microsoft's Roadmap
I couldn't find any official announcement or timeline from Microsoft about when health issues will be available via advanced hunting. The "What's New" documentation for Defender for Identity doesn't mention this feature being planned or in development.
If this capability is important for your environment, I'd recommend:
- Providing feedback to Microsoft through the Defender portal's feedback mechanism
- Checking the Microsoft 365 roadmap periodically for updates
- Continuing to use the Graph API for programmatic access to health issues in the meantime
Thanks,
Jovan S.
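As an added example (not part of the reply above, and not Microsoft's code), this sketch shows the Graph API route as an interim workaround: it pages through a `/security/identities/healthIssues` response and flattens open issues to one row per sensor, a shape suitable for loading into a custom log table. The sample pages and host names are constructed, `fetch_page` is a hypothetical stand-in for an authenticated GET, and the property names are assumed to match the Graph `healthIssue` resource.

```python
import json

FIRST_URL = "https://graph.microsoft.com/v1.0/security/identities/healthIssues"

# Constructed sample pages (not real tenant data), keyed by the URL that returns them.
PAGES = {
    FIRST_URL: {
        "@odata.nextLink": FIRST_URL + "?$skiptoken=constructed",
        "value": [
            {"id": "a1", "displayName": "Sensor stopped communicating",
             "healthIssueType": "sensor", "severity": "high", "status": "open",
             "createdDateTime": "2024-05-02T08:00:00Z",
             "sensorDNSNames": ["dc01.contoso.example", "dc02.contoso.example"]},
            {"id": "b2", "displayName": "Sensor outdated",
             "healthIssueType": "sensor", "severity": "medium", "status": "closed",
             "createdDateTime": "2024-04-20T09:30:00Z",
             "sensorDNSNames": ["dc01.contoso.example"]},
        ],
    },
    FIRST_URL + "?$skiptoken=constructed": {
        "value": [
            {"id": "c3", "displayName": "Directory services credentials are incorrect",
             "healthIssueType": "global", "severity": "medium", "status": "open",
             "createdDateTime": "2024-05-01T10:00:00Z", "sensorDNSNames": []},
        ],
    },
}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

def fetch_page(url):
    """Hypothetical stand-in for an authenticated GET that returns parsed JSON."""
    return PAGES[url]

def iter_issues(fetch, url):
    """Yield every health issue, following @odata.nextLink across pages."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def to_rows(issues, status="open"):
    """Flatten to one row per affected sensor so rows can be joined on host name."""
    rows = []
    for issue in issues:
        if issue.get("status") != status:
            continue
        for sensor in issue.get("sensorDNSNames") or [None]:  # global issues: no sensor
            rows.append({"IssueId": issue["id"], "Title": issue["displayName"],
                         "Scope": issue["healthIssueType"], "Severity": issue["severity"],
                         "Created": issue["createdDateTime"], "SensorDnsName": sensor})
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r["Severity"], 3), r["Created"]))

if __name__ == "__main__":
    for row in to_rows(iter_issues(fetch_page, FIRST_URL)):
        print(json.dumps(row))
```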