https://www.verboon.info/tags/passwords/Recent content in Passwords on Anything About ITHugoen-usSat, 06 Dec 2025 12:27:02 +0000https://www.verboon.info/2025/12/exploring-identityaccountinfo-building-a-kql-query-to-assess-identity-password-security-posture/Sat, 06 Dec 2025 12:27:02 +0000https://www.verboon.info/2025/12/exploring-identityaccountinfo-building-a-kql-query-to-assess-identity-password-security-posture/<p>Recently Microsoft Defender XDR introduced a new table called <a href="https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-identityaccountinfo-table">IdentityAccountInfo</a>, and this one immediately caught my attention. It brings several interesting attributes into Advanced Hunting, including <code>LastPasswordChangeTime</code> and even the sensitivity classification of an identity.</p> <p>Naturally, my first thought was: this is perfect material for some hunting logic, so let&rsquo;s build a KQL query out of it.</p> <p>Why am I excited about this? Because it finally allows us to query identity hygiene data straight from Defender. No external inventory dumps, no AD scripting, just KQL.</p>