Microsoft reports losing part of its enterprise customers' security logs due to a vulnerability
Learn More
Microsoft reports that between early September and early October 2024, the company experienced a significant issue involving its enterprise customers' security logs. The issue was caused by a vulnerability that emerged while attempting to fix a separate log collection service flaw.
The disruption stemmed from a flawed service update intended to address an existing limit in Microsoft's logging service. The fix inadvertently caused partial loss of more than two weeks’ worth of security logs, leading to incomplete data capture for some services.
The log disruptions varied in severity across the following Microsoft services:
- Microsoft Entra
- Microsoft Sentinel
- Azure Logic Apps
- Azure Monitor
- Azure Healthcare APIs
- Azure Trusted Signing
- Azure Virtual Desktop
- Power Platform
The company rolled back the faulty service update, mitigating the issue by early October. Microsoft claims that this was not related to any security breach or compromise.
John Sheehan, Microsoft’s Corporate Vice President, stated that affected customers were notified about the issue and that support was offered as needed.The number and names of affected companies is not disclosed.
Despite Microsoft's claims of notifying all affected customers, cybersecurity expert Kevin Beaumont reported that at least two impacted organizations were not informed about the incident.
