Microsoft Defender Incident ingestion integration for Security Operations release notes

  • Release version: Store
  • Updated May 5, 2026
  • 1 minute to read

    • Version history for the ServiceNow® Microsoft Defender Incident ingestion integration for Security Operations application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.
    Version 4.0.1 - May 2026
    • Fixed:
      • SIRs are not created from SIEM ingestion due to "Secure Notes" access issue to Crypto module since the Yokohama upgrade was fixed.
      • Access issues for Security Analyst on querying tables.
      • Security fixes.
    Version 4.0.0 - March 2026
    The Microsoft Defender integration for ServiceNow Security Operations ingests alerts and incidents into the ServiceNow Security Incident Response (SIR) platform for centralized case management. Bi-directional synchronization keeps status and work notes aligned across both platforms, ensuring teams working in either system maintain consistent information without discrepancies.