
Microsoft fails to collect critical security logs, putting customers at risk


Widespread impact on security monitoring

Microsoft acknowledged that the logging failure affected a range of key services. Microsoft Sentinel, a widely used security tool, suffered from gaps in its logs, making it difficult for customers to detect threats and generate alerts. Azure Monitor, another important tool for security analytics, also had incomplete log data, which could lead to missed alerts for businesses.

Microsoft Entra experienced connection and activity log issues, while Azure Logic Apps saw disruptions in telemetry data. Although the core functions of these services were not affected, the inability to capture critical log data significantly weakened customers’ ability to monitor security events. The company noted that the logs were lost due to an issue in the telemetry agent: logs progressively backed up, and once the cache limit was reached the data was overwritten.

However, the company said this issue “does not impact the availability of customer-facing services or resources” and only affects log event collection. “Additionally, this issue is not related to any security compromise.”
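
The failure mode described above, a bounded agent cache that backs up while uploads stall and then overwrites its oldest entries, is modelled below together with the gap check a defender would run on what actually arrived. This is an added illustration, not Microsoft's agent code; the function names, the cache size and the one-event-per-tick timeline are assumptions made for the example.

```python
from collections import deque


def run_agent(ticks, cache_limit, stalled):
    """Simulate a telemetry agent with a bounded cache (hypothetical model).

    ticks       -- event timestamps, one event generated per tick
    cache_limit -- maximum events the agent can hold while waiting to upload
    stalled     -- set of ticks during which the upload to the backend fails
    Returns the event timestamps that reach the backend.
    """
    cache = deque(maxlen=cache_limit)  # when full, the oldest entry is overwritten
    delivered = []
    for tick in ticks:
        cache.append(tick)
        if tick not in stalled:        # upload works: flush everything still cached
            delivered.extend(cache)
            cache.clear()
    return delivered


def find_gaps(delivered, interval=1):
    """Return (first_missing, last_missing) ranges between delivered events."""
    ordered = sorted(delivered)
    return [
        (prev + interval, cur - interval)
        for prev, cur in zip(ordered, ordered[1:])
        if cur - prev > interval
    ]


if __name__ == "__main__":
    # Constructed timeline: 20 events, uploads fail during ticks 5-14.
    long_stall = run_agent(range(20), cache_limit=4, stalled=set(range(5, 15)))
    print("delivered:", long_stall)
    print("gaps     :", find_gaps(long_stall))

    # A stall shorter than the cache only delays events; nothing is lost.
    short_stall = run_agent(range(20), cache_limit=4, stalled={5, 6, 7})
    print("gaps     :", find_gaps(short_stall))
```

The check only finds gaps bounded by delivered events on both sides; a stall that is still in progress needs a separate comparison against the time of the newest event received.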