New: Threat Detection for Entra ID
- Application Permission Changes: Modifications to application permissions, potentially granting excessive access to Entra ID resources, and Microsoft Entra ID
- Compromised User Activity: Actions performed by an account identified as “Confirmed Compromised” within Microsoft Entra ID
- Impossible Travel: User activity detected from multiple geographic locations, suggesting account compromise or unauthorized access
- New Application Credential: Creation of a new application credential, potentially indicating a compromised application
- Sensitive Role Changes: Modifications to sensitive roles in Microsoft Entra ID, such as Global Admins
- Updated Detection for Abnormal User Behavior: Now includes Entra ID activity
New: Automated Response Actions for Entra ID
- Entra ID Group Membership: Modify group memberships for the affected user or perpetrator
- Disable Entra ID User: Temporarily or permanently disable the user account to prevent further unauthorized access
- Flag Entra ID User as Confirmed Compromised: Mark the user account as compromised to trigger additional security measures and investigations
- Reset Entra ID Password: Resets the perpetrator or affected users password to prevent further access
- Revoke Entra ID Sessions: Terminate all active sessions for the perpetrator or affected user to prevent unauthorized access
Enhancement: More Granular Role-Based Access Control (RBAC) for Reporting & Investigations
More precise role-based access control for managing reporting and investigations, ensuring that only authorized users have access to sensitive information
Enhancement: Updated Investigations Interface
Improved interface for a more intuitive user experience
Bug Fix List
See the Netwrix Threat Manager 3.0 Bug Fix List for a list of bugs fixed in this version.