MicrosoftDocs · rlitinsky · May 19, 2026 · May 19, 2026 · May 19, 2026 · May 19, 2026
diff --git a/defender-for-identity/deploy/deploy-sensor-v3.md b/defender-for-identity/deploy/deploy-sensor-v3.md
@@ -33,6 +33,9 @@ Make sure that the server on which you're activating the sensor:
 - Is running Windows Server 2019 or later.
 - Includes the [March 2026 or later](https://support.microsoft.com/en-us/topic/march-10-2026-kb5078766-os-build-20348-4893-fa3ee26a-0877-47d7-a4b2-9dd632ea8cea) cumulative update.
 
+> [!IMPORTANT]
+> Migrating domain controllers running Windows Server 2025 to sensor v3.x isn’t currently supported. Windows Server 2025 domain controllers should continue using the v2.x sensor.
+
 #### Supported server types
 
 The v3.x sensor supports domain controllers, including domain controllers with these identity roles:

diff --git a/defender-for-identity/troubleshooting-known-issues.md b/defender-for-identity/troubleshooting-known-issues.md
@@ -486,6 +486,10 @@ If permissions need to be reconfigured, follow the steps outlined in this [guide
 
 In some v3 sensor environments, auditing health alerts might persist even when Windows auditing is correctly configured. This primarily occurs with manual auditing configuration, such as using Group Policy or PowerShell. The sensor remains healthy and detections aren't affected. To resolve, enable **Automatic Windows auditing configuration** in the Defender for Identity portal under **Settings** > **Advanced features**.
 
+## Windows Server 2025 sensor v3.x migration not supported
+
+Migrating domain controllers running Windows Server 2025 to sensor v3.x isn't currently supported. Windows Server 2025 domain controllers should continue using the v2.x sensor until full v3.x support is available.
+
 ## Next steps
 
 - [Defender for Identity sensor v2.x prerequisites](deploy/prerequisites-sensor-version-2.md) and [Defender for Identity sensor v3.x prerequisites](deploy/deploy-sensor-v3.md) 

diff --git a/defender-for-identity/whats-new.md b/defender-for-identity/whats-new.md
@@ -46,6 +46,12 @@ These new alerts were added to the Defender for Identity security alerts:
 - [Suspected Conditional Access bypass via non-compliant device](alerts-xdr.md#suspected-conditional-access-bypass-via-non-compliant-device)
 - [Suspicious addition of default third‑party MFA method to user account](alerts-xdr.md#suspicious-addition-of-default-thirdparty-mfa-method-to-user-account)
 
+### Known limitation: Windows Server 2025 sensor v3.x migration not supported
+
+Migrating domain controllers running Windows Server 2025 to sensor v3.x isn't currently supported. Windows Server 2025 domain controllers should continue using the v2.x sensor.
+
+For more information, see [Windows Server 2025 sensor v3.x migration not supported](troubleshooting-known-issues.md#windows-server-2025-sensor-v3x-migration-not-supported).
+
 ## April 2026
 
 ### **Identity Explorer (Preview)**