Microsoft said it mitigated an issue that led to the partial loss of more than two weeks of security log data during September.
The company previously notified customers that some security logs were lost due to a bug in the company’s internal monitoring agents. The security logs provide critical information to Microsoft customers as they can be used to flag evidence of a malicious attack.
The lost security data impacted several Microsoft platforms, including Microsoft Entra, Sentinel, Purview and Defender for Cloud.
“We have mitigated the issue by rolling back a service change,” John Sheehan, corporate VP at Microsoft, said Thursday in an emailed statement. “We have communicated to all impacted customers and will provide support as needed.”
Microsoft said the issue was not related to a security issue or a compromise. The error resulted in “partially incomplete log data” for certain services and was limited in terms of the time range.
The loss of the security logs and the notification to customers were first reported by Business Insider. Joao Ferreira, a Microsoft MVP, reposted a Microsoft post-incident review about the security log issue.
Security researcher Kevin Beaumont said in a social media post on Mastodon that he was aware of two Microsoft customers who lost data but had not been notified by the company.
Microsoft opened up free security log support in 2023 after it encountered major backlash in connection with a state-linked attack against Microsoft Exchange Online. The incident led to the theft of more than 60,000 emails from the U.S. State Department. Commerce Secretary Gina Raimondo was also hacked.
The attack, attributed to a state-linked threat group called Storm-0558, was discovered by federal officials who reviewed their logs and notified Microsoft of the incident.
In October 2023, Microsoft expanded default retention access to security logs in Microsoft Purview, before announcing the Secure Future Initiative, a complete overhaul of its security culture and internal practices.
The federal Cyber Safety Review Board blasted Microsoft’s handling of the 2023 Exchange Online campaign as entirely preventable, and the criticism led to further internal security governance changes at the company.