Netwrix Auditor 10.9 Released: State-in-Time reporting and risk assessment for Azure Files

Netwrix Auditor 10.9 is here — and if your organization runs a hybrid environment, this release was built with you in mind. We’ve extended full State-in-Time visibility and Risk Assessment coverage to Azure Files, and supercharged the Inactive Users risk calculation to accurately reflect authentication activity across both Active Directory and Entra ID simultaneously.

Want the full details? Click the link below!

What’s New in Netwrix Auditor 10.9

State-in-Time Reports for Azure Files

Netwrix Auditor now delivers a full suite of State-in-Time permission reports for Azure file shares mounted via SMB. The new reports — Account Permissions, Folder and File Permission Details, Folder Tree View, Excessive Access Permissions, Duplicate Files, Largest Files, and Stale Data by Folder — give security and compliance teams complete visibility into who can access what in Azure Files storage, using the same familiar layout as on-premises file servers.

Risk Assessment for Azure Files

Azure Files joins the Netwrix Auditor Risk Assessment Overview alongside on-premises file shares, bringing unified risk monitoring to hybrid storage environments. New risk calculations cover files and folders accessible by Everyone, potentially harmful files, direct permissions, and file and folder names containing sensitive data.

Hybrid Inactive User Risk: Active Directory and Entra ID Combined


The Inactive Users risk calculation now correlates logon activity from both on-premises Active Directory and Microsoft Entra ID simultaneously — eliminating the false positives that plague hybrid environments where users authenticate exclusively through cloud services.

Major enhancements

Windows Server Auditing: Per-Computer Monitoring Status


Monitoring plans now include a dedicated Monitored Computers grid showing the health status of every individual host — covering both Activity Records collection and State-in-Time. Filter and search by name, source item, or status (“Healthy” / “Take action”), then drill into any row for a detailed breakdown with error messages and agent version. Troubleshooting collection issues just got a lot faster.

User Activity Monitoring: Computer Exclusion within Organizational Units


User Activity Monitoring plans now support item-level exclusion of specific computer objects within monitored Organizational Units — using the same exclusion interface already available in Windows Server Auditing.

Workstation Field for Isilon Activity Records


Netwrix Auditor for File Servers (Isilon) now extracts and displays the Workstation field from native Isilon/OneFS audit events. When the source data includes a client hostname or IP address, it’s mapped to the Workstation field and surfaced in Search, Reports, Subscriptions, and exports — bringing Isilon up to the same endpoint traceability standard as Windows file server monitoring.

gMSA Support for Inactive Users Tracker


Inactive Users Tracker now supports Group Managed Service Accounts (gMSA) as the data collection account — eliminating manual password rotation and aligning with modern least-privilege security practices.


Bug Fixes and Miscellaneous Updates

Description Escalation # Case # Bug #
Fixed incorrect hostname resolution in User Activity Video Recording caused by extra entries in the local hosts file — the Workstation field in Activity Records now shows the actual computer name instead of vmware-plugin. 347095 415506 357515
Fixed missing Workstation field data in Activity Records collected from Isilon data sources — the FSA collector now correctly populates it from Isilon audit logs. 397371 452201 N/A
Fixed a configuration validation bug where the FSA Isilon collector ignored the configured access zone name, triggering false “unconfigured audit settings” errors on non-default zones. 420411 471947 422507
Fixed SQL deadlocks that occurred when running SSRS-based reports (e.g. Failed Activity) due to a lock conflict between long-running report queries and the ManagementService background update routine. 420838 472333 424595
Fixed a silent failure on Windows Server 2012 R2 where clicking Export in predefined SSRS reports did nothing — caused by incorrect browser environment detection that prevented the save dialog from opening. 433194 476035 433426
Fixed an issue where agents were still deployed to target computers even when the User Activity Video Recording data source was disabled in a Monitoring Plan. N/A N/A 370772
Fixed a broken footer link in SSRS reports — clicking the Netwrix link no longer shows an “Inconsistent Reports Server URL” error. N/A N/A 384483
Fixed alert filters with detail-level conditions not firing for Group Policy, owner, and non-owner mailbox activities in Exchange Online, which caused missed alert notifications. N/A N/A 389446
Fixed a suboptimal join order in audit database views that caused unnecessary performance overhead when running reports covering Group Policy or Exchange mailbox activities. N/A N/A 402917
Fixed an unhandled exception crash in the Exchange Online mailbox owner audit collector when required application permissions are missing — it now logs a clear error and continues gracefully. N/A N/A 425689
Fixed incorrect report type classification — State-in-Time reports for Entra ID, Exchange Online, and SharePoint Online are now correctly displayed as State-in-Time reports in the Netwrix Auditor console. N/A N/A 425861

Plan your upgrade

Netwrix Auditor 10.7 will reach its end of support life on December 16, 2026. To learn more, please read the Netwrix End-of-Support Policy.

Need help with this update?

There are many different ways to get help with our products!

Situation Action
If you feel the product is broken and not working as intended… Contact Support
If you have a question you’d like to ask other experts… Create a discussion in the community: Auditor > Discussions & Questions
If you have a feature request… Let our product team know directly: Auditor > Ideas
If you have something cool to show… Show everyone what you built: Auditor > Show & Tell

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!

3 Likes