Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program.
Microsoft first revealed plans to integrate Sysmon natively into Windows 11 and Windows Server in November, when it also confirmed that it would soon release detailed documentation.
Sysmon (short for System Monitor) is a free Microsoft Sysinternals tool, as well as a Windows system service and device driver, that monitors for and blocks malicious or suspicious activity and logs it to the Windows Event Log.
