Microsoft loses two weeks of security logs

Microsoft customers should not expect security logs between Sept. 2 and Sept. 19. Security logs contain crucial information for administrators about what is happening on the network.

Microsoft has again not done too well on the security front. In early October, it sent the annoying notice to Azure customers that security logs will not be available for a period of two weeks. The affected products are Microsoft Entra, Sentinel, Defender for Cloud and Purview, writes Business Insider.

Microsoft stressed in the announcement that this was not a result of a security incident, but an internal bug. “A bug in one of the internal monitoring agents resulted in some agents failing to upload log data to our internal logging platform,” Microsoft said. Logs are therefore unavailable for the period from Sept. 2 to Sept. 19.

Treasure of information

The bug would have only impacted log data collection and not affected the operation of affected services. Cold comfort for network administrators. Security logs contain crucial information about what happens on a network.

In the security logs, administrators can sleuth for possible suspicious activity, or identify access issues for people within the organization. That precious treasure trove of information is now unavailable to Microsoft customers for two weeks.

A donkey and a stone

For Microsoft, such incidents are equally annoying. The company received a storm of criticism last year after a large-scale hack on Exchange servers. One of the many criticisms of how Microsoft handled this incident was that it offered security logs only to customers with the most expensive Enterprise subscriptions. As a result, a lot of affected organiations did not realize that something was not right on their network.