Microsoft tells customers it lost log data for key security products

• Microsoft told customers that a software bug caused inconsistent collection of log data.
• The bug affected key security products, including Microsoft Sentinel and Entra.
• Microsoft has been saying recently that security is its top priority.

Microsoft is telling customers that it failed to consistently collect log data for several important cloud services, according to an update viewed by Business Insider.

A log is a record of events within a program, such as account sign-ins. This record of events could include instances of unauthorized access to networks and accounts. If logs are not recorded properly, then any records of potential problems are lost and the company and its customers may have missed intrusions.

Between September 2 and September 19, “a bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform,” Microsoft wrote in the customer notification.

There’s no evidence of cyberattacks stemming from this incident.

“This issue did not impact the uptime of any customer-facing services or resources — it only affected the collection of log events. Additionally, this issue is not related to any security compromise,” the notification explained.

Affected products included Microsoft Entra, an identity-management service. Microsoft Sentinel, a security information and event-management product, was also impacted, along with Microsoft Defender for Cloud and Microsoft Purview, a data loss prevention product.

“Microsoft Sentinel customers may have experienced potential gaps in security related logs or events, possibly affecting customers’ ability to analyze data, detect threats, or generate security alerts,” the update warned.

BI asked Microsoft to comment on this episode on Thursday and Friday. Spokespeople Frank Shaw and Jill Austin, along with the company’s outside PR firm WE Communications, didn’t respond to multiple requests for comment.

This is a particularly a big deal for Microsoft because the company has been saying that security is a top priority. It recently introduced a Security Futures Initiative, largely in response to its mishandling of security incidents, including what the Department of Homeland Security called “cascade” of errors that allowed Chinese hackers in 2023 to access thousands of cloud customer emails.

The idea was that Microsoft would make security its first priority in everything. It’s become so important that every Microsoft employee will be evaluated on a “core priority” of security in performance reviews, according to an excerpt of an email shared with BI.

“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” Microsoft CEO Satya Nadella wrote in an email to employees in May.

“In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems,” the CEO added. “This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all.”

Are you a Microsoft employee or someone else with insight to share?

Contact the reporter, Ashley Stewart, via the encrypted messaging app Signal (+1-425-344-8242) or email (astewart@businessinsider.com). Use a nonwork device.