Microsoft said it lost weeks of security logs for its customers’ cloud products

Microsoft has notified customers that it’s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.

According to a notification sent to affected customers, Microsoft said that “a bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform” between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and “only affected the collection of log events.”

Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights.

[…]

The affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview, according to the Business Insider report.

[…]

The logging outage comes a year after Microsoft came under fire from federal investigators for withholding security logs from certain U.S. federal government departments that host their emails on the company’s hardened, government-only cloud; investigators said having access to those logs could have identified a series of China-backed intrusions far sooner.

The China-backed intruders, referred to as Storm-0558, broke into Microsoft’s network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft’s cloud.

[…]

Following the China-backed hacks, Microsoft said it would start providing logs to its lower-paid cloud accounts from September 2023.

Source: Microsoft said it lost weeks of security logs for its customers’ cloud products | TechCrunch

Cloud problems scale so very, very well. Everyone has a problem if your cloud provider has one.

Robin Edgar
