Microsoft has disclosed a critical logging lapse affecting users of several of its cloud security products, including Microsoft Entra, Sentinel, Defender for Cloud, and Purview. A bug in its internal monitoring agents caused the loss of more than two weeks' worth of security logs between September 2 and September 19, 2024.
The missing logs pose a real problem for network defenders, since logging is what allows them to reconstruct events, monitor user activity, and detect intrusions. Without that data, confirming or ruling out unauthorized access during the affected window becomes much harder, and alerts that depend on those logs may simply never have fired.
According to the notification sent to affected customers, the logging outage was not the result of a security incident but rather an operational bug. While Microsoft has taken steps to rectify the situation by rolling back a service change, concerns remain about the potential gaps in security-related logs and the subsequent impact on threat detection and security alerts.
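Because the failure was in Microsoft's collection agents, the affected tenants will not see an error; their tables will just be thinner or empty for the window. The query below is an added example, not from the article or from Microsoft, that a defender could run in a Log Analytics or Sentinel workspace to see which tables in their own tenant lost volume. It assumes the workspace's `Usage` table still retains data for August and September 2024, uses August as a per-table daily baseline, and flags any day in the window where a table's volume dropped below half of that baseline (the 50% threshold and the date boundaries are assumptions to adjust per tenant).

```kql
// Added example: find per-table ingestion gaps in a Log Analytics / Sentinel workspace
// across the window Microsoft disclosed. Not Microsoft's code; thresholds are assumptions.
let windowStart   = datetime(2024-09-01);   // one day before the disclosed start
let windowEnd     = datetime(2024-09-21);   // one day after the disclosed end
let baselineStart = datetime(2024-08-01);
let dropThresholdPct = 50.0;                // assumed: flag days under 50% of baseline
// Baseline: average daily ingested volume (MB) per table during August
let baseline = Usage
    | where TimeGenerated between (baselineStart .. windowStart)
    | summarize DailyMB = sum(Quantity) by DataType, Day = bin(TimeGenerated, 1d)
    | summarize BaselineMB = avg(DailyMB) by DataType
    | where BaselineMB > 0;
// Window: daily volume per table, with days that had no rows at all filled in as 0
Usage
| where TimeGenerated between (windowStart .. windowEnd)
| make-series DailyMB = sum(Quantity) default = 0
    on TimeGenerated from windowStart to windowEnd step 1d by DataType
| mv-expand Day = TimeGenerated to typeof(datetime), DailyMB to typeof(double)
| join kind=inner baseline on DataType
| extend PctOfBaseline = round(100.0 * DailyMB / BaselineMB, 1)
| where PctOfBaseline < dropThresholdPct
| project DataType, Day, DailyMB, BaselineMB, PctOfBaseline
| order by DataType asc, Day asc
```

A run of consecutive flagged days for tables such as sign-in or audit logs that are normally steady is the signature to look for. A table that is absent from the baseline (because it only started ingesting in September) is dropped by the inner join and needs to be checked separately, as does any table whose normal volume is genuinely bursty.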
This incident follows last year's controversy over Microsoft withholding detailed security logs from U.S. federal departments that used its government-only cloud service. That practice drew criticism after the China-backed group Microsoft tracks as Storm-0558 infiltrated U.S. government email accounts, and many affected agencies lacked the premium-tier logs that would have revealed the intrusion.
In response, Microsoft promised to extend that log access to lower-tier cloud accounts starting in September 2023. This latest outage shows the limits of that promise: broader access to logs is of little use for the days on which the logs were never collected, and defenders still need to verify for themselves that the data they rely on is actually arriving.
John Sheehan, a Microsoft corporate vice president, said the company has communicated with all impacted customers and is committed to providing the necessary support.
Nonetheless, the incident is a reminder that robust logging is foundational to security in cloud environments, and that a gap in the logs is also a gap in network defense and in the integrity of the record used for investigations.
In August, it was discovered that Microsoft 365's anti-phishing measures could be bypassed by using CSS to alter the 'First Contact Safety Tip' shown to recipients.
In July, a hacker posted a dataset containing leaked data on current Microsoft employees to a cybercrime forum, claiming the data was obtained after a third-party vendor was compromised. The incident affected over 2,000 individuals, exposing their full names, email addresses, LinkedIn profiles, and more.