Version history for the Security Incident Response integration with Microsoft Defender for Endpoint on the ServiceNow Store.

Important: For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

Version history

Version 1.0.12 - June 2025
Fixed: Query failure due to insufficient 'query_match' access on sn_sec_core_integration_item.sys_scope for users with sn_si.analyst role, impacting Defender for Endpoint integration.
Version 1.0.11 - May 2025
Fixed: Bugs have been addressed and resolved as part of this release.
Version 1.0.9 - November 2024
Changed: Migration of Workflows to Flow Designer flows.
Version 1.0.7 - August 2024
  • New: Migrated workflows to Flow Designer for Microsoft Defender enrichment capabilities.
  • Changed: Microsoft Defender for Endpoint can now be configured for GCC environments.
Version 1.0.6 - March 2024
  • Changed: The Comments field in the Run additional actions capability is now set as a mandatory field.
  • Fixed:
    • The Get Host Details and Get Logged on Users actions fail due to a large response.
    • The Create indicators in Microsoft Defender endpoint action fails when a time format other than YYYY-MM-DD HH:MM:SS is chosen.
Version 1.0.5 - August 2023
  • Changed: The Type field in the MS Defender Capabilities Isolate Host and Run Antivirus scan dialogue boxes is now a drop-down instead of a text field.
  • Fixed: If the machine is not found in Defender by the name field of the CI item, you can search for the machine name using the FQDN field.
Version 1.0.4 - April 2023
Changed: Updated to support this integration on the Security Incident Response workspace.
Version 1.0.2 - February 2023
New: Support for Analyst workspace.
Version 1.0.1 - November 2022
  • Fixed:
    • The Microsoft Defender for Endpoint Host Details flow is retrieving all machine details instead of retrieving details for the required Configuration Item.
    • POL_ON Defender Endpoint Observable Indicator UI page is broken.
Version 1.0.0 - February 2022
Microsoft Defender for Endpoint enables organizations to proactively inspect, analyze, and contain known and unknown threats on any endpoint.