The "Honeytoken was queried via SAM-R" feature in Microsoft Defender for Identity will retire on June 30, 2024. Users should use advanced hunting queries for custom detection. After retirement, alerts for honeytoken queries using SAM-R protocol will stop. Users need to prepare by adapting to the recommended query method.
Applies to: Microsoft Defender XDR
Source: mc.merill.net — data via Merill Fernando's open archive (MIT).