Microsoft recently informed customers that more than two weeks of security logs for some of its cloud services are missing, which could hinder the ability of network security teams to detect potential breaches during that time.
According to a notice sent to affected customers, the issue stemmed from a bug in Microsoft’s internal monitoring software. This glitch caused certain monitoring agents to fail to upload log data to Microsoft’s internal logging platform between September 2 and September 19. Microsoft clarified that the problem was not caused by a security incident and that it affected the collection of log events.
This missing data could leave companies without critical logs, making it harder to track suspicious activities like unauthorized logins during that two-week window. Logging is essential for monitoring key events, such as user sign-ins and failed access attempts, which helps security teams identify potential threats.
The affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview. According to Microsoft’s notification, the outage may have created gaps in security-related logs, which could impact customers’ ability to analyze data, detect threats, or generate security alerts.
While Microsoft did not respond to specific questions about the outage, a company executive, John Sheehan, confirmed that the incident resulted from an internal operational error in its monitoring system. Sheehan assured customers that Microsoft has since resolved the issue by rolling back the service change that caused the glitch. He also confirmed that the company has communicated with all affected users and is offering support as needed.
This incident comes after Microsoft faced criticism last year for withholding security logs from certain U.S. government agencies that use the company’s cloud services. Those logs could have helped identify cyberattacks linked to China-backed hackers, known as Storm-0558, who gained access to sensitive U.S. government emails. A postmortem revealed that only the State Department, which had a higher-tier Microsoft license that included access to security logs, was able to detect the breach early.
Following that breach, Microsoft pledged to make security logs more widely available to customers with lower-tier cloud accounts starting in September 2023. However, this recent logging outage raises new concerns about the company’s ability to consistently provide reliable security monitoring for its cloud products.