Netwrix Auditor 10.9 is here — and if your organization runs a hybrid environment, this release was built with you in mind. We’ve extended full State-in-Time visibility and Risk Assessment coverage to Azure Files, and supercharged the Inactive Users risk calculation to accurately reflect authentication activity across both Active Directory and Entra ID simultaneously.
Want the full details? Click the link below!
What’s New in Netwrix Auditor 10.9
State-in-Time Reports for Azure Files
Netwrix Auditor now delivers a full suite of State-in-Time permission reports for Azure file shares mounted via SMB. The new reports — Account Permissions, Folder and File Permission Details, Folder Tree View, Excessive Access Permissions, Duplicate Files, Largest Files, and Stale Data by Folder — give security and compliance teams complete visibility into who can access what in Azure Files storage, using the same familiar layout as on-premises file servers.
Risk Assessment for Azure Files
Azure Files joins the Netwrix Auditor Risk Assessment Overview alongside on-premises file shares, bringing unified risk monitoring to hybrid storage environments. New risk calculations cover files and folders accessible by Everyone, potentially harmful files, direct permissions, and file and folder names containing sensitive data.
Hybrid Inactive User Risk: Active Directory and Entra ID Combined
The Inactive Users risk calculation now correlates logon activity from both on-premises Active Directory and Microsoft Entra ID simultaneously — eliminating the false positives that plague hybrid environments where users authenticate exclusively through cloud services.
Major enhancements
Windows Server Auditing: Per-Computer Monitoring Status
Monitoring plans now include a dedicated Monitored Computers grid showing the health status of every individual host — covering both Activity Records collection and State-in-Time. Filter and search by name, source item, or status (“Healthy” / “Take action”), then drill into any row for a detailed breakdown with error messages and agent version. Troubleshooting collection issues just got a lot faster.
User Activity Monitoring: Computer Exclusion within Organizational Units
User Activity Monitoring plans now support item-level exclusion of specific computer objects within monitored Organizational Units — using the same exclusion interface already available in Windows Server Auditing.
Workstation Field for Isilon Activity Records
Netwrix Auditor for File Servers (Isilon) now extracts and displays the Workstation field from native Isilon/OneFS audit events. When the source data includes a client hostname or IP address, it’s mapped to the Workstation field and surfaced in Search, Reports, Subscriptions, and exports — bringing Isilon up to the same endpoint traceability standard as Windows file server monitoring.
gMSA Support for Inactive Users Tracker
Inactive Users Tracker now supports Group Managed Service Accounts (gMSA) as the data collection account — eliminating manual password rotation and aligning with modern least-privilege security practices.
Bug Fixes and Miscellaneous Updates
| Description | Escalation # | Case # | Bug # |
|---|---|---|---|
| Fixed incorrect hostname resolution in User Activity Video Recording caused by extra entries in the local hosts file — the Workstation field in Activity Records now shows the actual computer name instead of vmware-plugin. | 347095 | 415506 | 357515 |
| Fixed missing Workstation field data in Activity Records collected from Isilon data sources — the FSA collector now correctly populates it from Isilon audit logs. | 397371 | 452201 | N/A |
| Fixed a configuration validation bug where the FSA Isilon collector ignored the configured access zone name, triggering false “unconfigured audit settings” errors on non-default zones. | 420411 | 471947 | 422507 |
| Fixed SQL deadlocks that occurred when running SSRS-based reports (e.g. Failed Activity) due to a lock conflict between long-running report queries and the ManagementService background update routine. | 420838 | 472333 | 424595 |
| Fixed a silent failure on Windows Server 2012 R2 where clicking Export in predefined SSRS reports did nothing — caused by incorrect browser environment detection that prevented the save dialog from opening. | 433194 | 476035 | 433426 |
| Fixed an issue where agents were still deployed to target computers even when the User Activity Video Recording data source was disabled in a Monitoring Plan. | N/A | N/A | 370772 |
| Fixed a broken footer link in SSRS reports — clicking the Netwrix link no longer shows an “Inconsistent Reports Server URL” error. | N/A | N/A | 384483 |
| Fixed alert filters with detail-level conditions not firing for Group Policy, owner, and non-owner mailbox activities in Exchange Online, which caused missed alert notifications. | N/A | N/A | 389446 |
| Fixed a suboptimal join order in audit database views that caused unnecessary performance overhead when running reports covering Group Policy or Exchange mailbox activities. | N/A | N/A | 402917 |
| Fixed an unhandled exception crash in the Exchange Online mailbox owner audit collector when required application permissions are missing — it now logs a clear error and continues gracefully. | N/A | N/A | 425689 |
| Fixed incorrect report type classification — State-in-Time reports for Entra ID, Exchange Online, and SharePoint Online are now correctly displayed as State-in-Time reports in the Netwrix Auditor console. | N/A | N/A | 425861 |
Plan your upgrade
Netwrix Auditor 10.7 will reach its end of support life on December 16, 2026. To learn more, please read the Netwrix End-of-Support Policy.
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Auditor > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Auditor > Ideas |
| If you have something cool to show… | Show everyone what you built: Auditor > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!




