Microsoft bug crippled security logs

Security teams did not receive a single log of suspicious activity from Microsoft’s platforms in September. A bug prevented log data from being sent to Microsoft’s internal logging platform. That data is what allows suspicious activity to be detected.

On Sept. 2, the bug occurred in several of Microsoft’s platforms: Microsoft Entra, Azure Logic Apps, Azure Healthcare APIs, Microsoft Sentinel, SignTransaction, Azure Trusted Signing, Azure Virtual Desktop, and Microsoft Power Platform.

A few days later (Sept. 6), Microsoft began investigating the problems. The problem wasn’t fixed until the end of the month (Sept. 30).

Companies were at risk

The bug could cause problems with log data that tracks login activities on a Microsoft platform or activities performed on the platform. The problem reportedly caused critical log files to be partially lost. Companies that rely on these logs to monitor activities and notice suspicious actions were at high risk during September.

Microsoft notified its customers of the problem through the Microsoft 365 portal. Security researcher Kevin Beaumont also shared the notification on social media to inform businesses of the problem. He noted that the Microsoft 365 portal is closed to many security teams because they do not have the proper admin rights. As a result, many companies still seem to be unaware of the bug, which has now been fixed.