Microsoft is telling customers that it has lost log data for key security products

• Microsoft told customers that a software bug caused inconsistent collection of log data.
• The bug affected key security products, including Microsoft Sentinel and Entra.
• Microsoft recently said that security is its top priority.

Microsoft is telling customers that it has failed to consistently collect log data for several major cloud services, according to an update seen by Business Insider.

A log is a record of events within a program, such as account logins. This event log may include instances of unauthorized access to networks and accounts. If the logs are not recorded correctly, then any records of potential problems are lost and the company and its customers may have missed intrusions.

Between Sept. 2 and Sept. 19, “an error in one of Microsoft’s internal monitoring agents caused some of the agents to malfunction when uploading log data to our internal logging platform,” Microsoft wrote in the customer notice.

There is no evidence of cyber attacks stemming from this incident.

“This issue did not affect the uptime of any client-facing services or resources — it only affected the collection of log events. Additionally, this issue is not related to any security compromise,” the notification explained.

Affected products included Microsoft Entra, an identity management service. Microsoft Sentinel, a security intelligence and event management product, was also affected, along with Microsoft Defender for Cloud and Microsoft Purview, a data loss prevention product.

“Microsoft Sentinel clients may have experienced potential gaps in security-related logs or events that could affect clients’ ability to analyze data, detect threats, or generate security alerts,” the update warned.

BI asked Microsoft to comment on this episode on Thursday and Friday. Spokesmen Frank Shaw and Jill Austin, along with outside PR firm WE Communications, did not respond to multiple requests for comment.

This is a particularly important issue for Microsoft, as the company has said that security is a top priority. It recently introduced a Future Security Initiative, largely in response to the mishandling of security incidents, including what the Department of Homeland Security called the “cascade” of bugs that allowed Chinese hackers in 2023 to access thousands of customer emails from the cloud.

The idea was that Microsoft would make security its first priority in everything. It has become so important that every Microsoft employee will be rated on a “core priority” of security in performance reviews, according to an excerpt from an email shared with BI.

“If you’re faced with the trade-off between security and another priority, your answer is clear: do security,” Microsoft CEO Satya Nadella wrote in an email to employees in May.

“In some cases, this will mean prioritizing security over other things we do, such as releasing new features or providing ongoing support for legacy systems,” the CEO added. “This is critical to improving both the quality and capacity of our platform so we can protect our customers’ digital heritage and build a safer world for all.”

Are you a Microsoft employee or someone else with information to share?

Contact the reporter, Ashley Stewart, via the encrypted messaging app Signal (+1-425-344-8242) or by email ([email protected]). You are using a device that does not work.