Netwrix Auditor 10.8 introduces a set of advanced updates, featuring enhanced Azure Files auditing and free add-ons for Microsoft Copilot and Azure SQL—offering deeper, more granular visibility into user activity and data access across cloud platforms.
What’s New in Netwrix Auditor 10.8
New Data Source: Activity Auditing for Azure Files
Support for Azure file share auditing has been added, enabling organizations to gain full oversight of file, folder, and permission modifications. By capturing detailed information about who made changes, what was altered, and when and where the actions occurred, teams can promptly identify and address potentially risky activities. Monitoring both successful and failed read attempts helps ensure that suspicious behavior is caught before it escalates.
Microsoft Copilot Add-On
This free add-on enables organizations to capture events triggered by Microsoft Copilot and provides detailed visibility into the specific users and data sources involved—down to the file names and their full directory paths.
Azure SQL Add-On
A no-cost extension for Azure SQL is now available, delivering full audit coverage of login events and data changes. As with other sources, each event captures the key details: user identity, action taken, time, and location.
“Does Not Contain” Operator for Enhanced Filtering
The “Does not contain” filter can now be used within the Details field when performing searches, enabling more precise query results and improving efficiency when investigating activity.
Cancelable Search Execution
Search operations that return overly large result sets due to vague filters or extensive datasets can now be interrupted. Users may cancel the query, refine parameters, and reinitiate—saving time and improving responsiveness in large-scale environments.
Mailbox Owner Activity Monitoring in Exchange Online
Auditor 10.8 introduces monitoring of Exchange Online mailbox owners’ behavior. This includes identifying mass deletions, changes in folder permissions, or the creation of new inbox rules—empowering organizations to proactively investigate potential account compromise.
Expanded User Attribute Reporting
The “User Account – Attributes” report has been expanded to include six additional data fields:
- EmployeeID
- Smart card logon requirement
- SID history
- Logon workstation
- Mobile phone
- User SID
All attributes (except Mobile Phone) are now also available as filters during search queries.
Major Platform Enhancements
- Support added for Nutanix Files 5.0
- Dell Isilon OneFS versions 9.8 and 9.9, and Unity up to version 5.4 are now supported
- Compatibility with Isilon/PowerScale 9.10
- Support for Qumulo Core 7.4.1 added
Bug Fixes & Minor Improvements
| Description | Case # | Escalation # |
| Improved fault tolerance during integration with Netwrix Data Classification | 419364 | 357595 |
| Added detection and automatic cleanup of corruption in HealthData buffer for Windows Server Auditing | 413201 | 347000 |
| Enhanced error messaging for the CallHome feature | 443802 | 385073 |
| Resolved an issue where remnants in Agents.xml blocked re-adding targets in User Activity Auditing | 388568 | 344839 |
| Resolved access issues with NPS integration in multi-domain controller environments | 420343 | 358009, 358018, 358071 |
| Eliminated duplicate entries in the “Monitored Computers” tab for User Activity Auditing | 388568 | 127320 |
| Addressed issue with SSRS report browsing defaulting to Windows process credentials instead of user-provided ones | 401299 | 339251 |
| Prevented Data Collecting Account for Inactive User Tracker from accessing ConfigServer nodes | 400654 | 340091 |
| Improved AD Restore Wizard logic to avoid deleting indirectly selected objects during attribute restoration | 437805 | 379951 |
| Addressed permission change detection failures for top-level share objects on Synology, Nutanix, Qumulo, and Unity platforms | N/A | 306133 |
Plan Your Upgrade
Support for Netwrix Auditor 10.6 will officially end on January 1, 2026. For full details, please review the Netwrix End-of-Support Policy.
