
Microsoft says weeks' worth of security logs for its customers' cloud products were lost

Microsoft has informed customers about a two-week gap in security logs for certain cloud products, which may hinder the ability of network defenders to detect potential intrusions. The issue, caused by a bug in one of Microsoft's internal monitoring tools, affected the period between September 2 and September 19. According to Microsoft, the malfunction was not the result of a security breach but disrupted the collection of log data.




Business Insider first reported the incident in early October, and security researcher Kevin Beaumont noted that the notifications were likely only visible to a limited group of users with tenant admin rights. Logs are crucial for tracking product activity, such as login attempts and failures, helping to identify security breaches. Without these logs, it could be harder to spot unauthorized access during the outage.

The products affected include Microsoft Entra, Sentinel, Defender for Cloud, and Purview. Microsoft informed customers that the logging failure may have affected their ability to analyze data, detect threats, or generate security alerts. John Sheehan, a Microsoft corporate vice president, stated that the issue had been addressed by reversing a service change, and support is being provided to impacted customers.

This logging disruption follows criticism Microsoft faced last year when it withheld security logs from U.S. government departments during a China-backed hacking incident. In that case, hackers accessed U.S. government emails stored in Microsoft's cloud. After the incident, Microsoft pledged to offer security logs to lower-tier cloud accounts starting in September 2023.
