Version 3.0 - Release Notes & Bug Fixes

New: Threat Detection for Entra ID

  • Application Permission Changes: Modifications to application permissions, potentially granting excessive access to Entra ID resources, and Microsoft Entra ID
  • Compromised User Activity: Actions performed by an account identified as “Confirmed Compromised” within Microsoft Entra ID
  • Impossible Travel: User activity detected from multiple geographic locations, suggesting account compromise or unauthorized access
  • New Application Credential: Creation of a new application credential, potentially indicating a compromised application
  • Sensitive Role Changes: Modifications to sensitive roles in Microsoft Entra ID, such as Global Admins
  • Updated Detection for Abnormal User Behavior: Now includes Entra ID activity

New: Automated Response Actions for Entra ID

  • Entra ID Group Membership: Modify group memberships for the affected user or perpetrator
  • Disable Entra ID User: Temporarily or permanently disable the user account to prevent further unauthorized access
  • Flag Entra ID User as Confirmed Compromised: Mark the user account as compromised to trigger additional security measures and investigations
  • Reset Entra ID Password: Resets the perpetrator or affected users password to prevent further access
  • Revoke Entra ID Sessions: Terminate all active sessions for the perpetrator or affected user to prevent unauthorized access

Enhancement: More Granular Role-Based Access Control (RBAC) for Reporting & Investigations

More precise role-based access control for managing reporting and investigations, ensuring that only authorized users have access to sensitive information

Enhancement: Updated Investigations Interface

Improved interface for a more intuitive user experience

Bug Fix List

See the Netwrix Threat Manager 3.0 Bug Fix List for a list of bugs fixed in this version.

2 Likes