Microsoft fails to collect critical security logs, exposing customers to risks

Widespread impact on security monitoring

Microsoft acknowledged that the logging failure affected a range of key services. Microsoft Sentinel, a widely used security tool, suffered gaps in its logs, making it difficult for customers to detect threats and generate alerts. Azure Monitor, another important tool for security analysis, also faced incomplete log data, potentially leading to missed alerts for enterprises.

Microsoft Entra experienced sign-in and activity logs issues, while Azure Logic Apps saw disruptions in telemetry data. Though the core functions of these services remained unaffected, the inability to capture critical log data significantly weakened customers’ ability to monitor security events. The company noted that the logs were lost due to a glitch in the telemetry agent, which caused a gradual log backup before data was overwritten when the cache limit was reached.

However, the company said this issue “did not impact the uptime of any customer-facing services or resources” and only affected the collection of log events. “Additionally, this issue is not related to any security compromise.”

Leave a Comment