
Configuring an Active Directory Change Detection Notification

You can configure an Active Directory (AD) change detection notification to generate emails after AD domains are successfully scanned and bad changes are detected. You can customize the notification for specific scan or issue types.

The AD change detection scan runs every 15 minutes. Some bad changes might generate a huge volume of emails and overload email servers and inboxes. To avoid this, you can limit the number of emails per user in a 24-hour window.

To configure an AD change detection notification:

  1. Go to ITDR > Notifications > Configure.
  2. Click Configure Notification.

  3. In the Configure Notifications window:
    1. Select Enabled.
    2. Name: Enter the name of the notification.
    3. Alert Type: Select Active Directory Change Detection from the drop-down menu.
    4. Active Directory Domains: Select one or more AD domains from the drop-down menu.
    5. Under Active Directory Change Detection Notifications, do one of the following:
      • Select Enable All to enable notification for all the scan types that you select in the following step.
      • Under Scan Categories, enable one or more scan types (e.g., Vulnerable to AS-REP roasting, Privileged Accounts, Kerberoastable Accounts, etc.).
    6. Number of emails in a 24-hr window: Enter a number less than or equal to 20.

      If the number of emails exceeds this limit, Zscaler pauses the notifications and sends an email recommending that you review the configuration.

    7. Users: Select one or more email recipients or users from the drop-down menu.

  4. Click Save.

    The Active Directory (AD) change detection notification is configured.

After the configured AD domains are successfully scanned, users receive emails with bad change details. The email provides details such as the affected AD domain and identities, issue details, remediation details, etc. You can review the bad changes and remediate the issues.
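
To cross-check the accounts named in a notification email against the directory itself, the following read-only PowerShell is an added example, not part of the Zscaler documentation or product. It assumes the RSAT ActiveDirectory module and a placeholder domain name (corp.example.com), and it uses adminCount=1 as an approximation of privileged accounts; how ITDR defines each scan category is not stated on this page.

```powershell
# Added example: list accounts matching three of the scan categories named above,
# and flag those modified recently, so they can be compared with the email details.
# Read-only queries; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: placeholder domain. Replace with the AD domain named in the email.
$Server = 'corp.example.com'
# Assumption: look-back window for highlighting recently modified accounts.
$Since = (Get-Date).AddHours(-24)

$props = 'DoesNotRequirePreAuth', 'ServicePrincipalName', 'adminCount', 'whenChanged'

# One LDAP filter per scan category (filters are this example's interpretation).
$categories = [ordered]@{
    # Kerberos pre-authentication disabled: UF_DONT_REQUIRE_PREAUTH (0x400000 = 4194304)
    'Vulnerable to AS-REP roasting' =
        '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))'
    # User accounts that carry a service principal name (krbtgt excluded)
    'Kerberoastable Accounts' =
        '(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))'
    # adminCount=1 marks accounts that are or were in protected groups (approximation)
    'Privileged Accounts' =
        '(&(objectCategory=person)(objectClass=user)(adminCount=1))'
}

$report = foreach ($name in $categories.Keys) {
    Get-ADUser -Server $Server -LDAPFilter $categories[$name] -Properties $props |
        ForEach-Object {
            [pscustomobject]@{
                Category       = $name
                SamAccountName = $_.SamAccountName
                Enabled        = $_.Enabled
                NoPreAuth      = $_.DoesNotRequirePreAuth
                SpnCount       = @($_.ServicePrincipalName).Count
                WhenChanged    = $_.whenChanged
                # True when the object was modified inside the look-back window
                RecentChange   = ($_.whenChanged -ge $Since)
            }
        }
}

# Recently changed accounts are the ones to compare against the notification.
$report | Sort-Object Category, WhenChanged | Format-Table -AutoSize
```

The whenChanged attribute is not replicated between domain controllers, so run the query against the same domain controller each time when comparing timestamps.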
