Microsoft Admits Losing Weeks Of Security Logs For Its Customers’ Cloud Products, Here's What It Means

The troubles for Microsoft and its users seem to be everlasting. The tech giant has recently admitted that it is missing more than two weeks of security logs of its cloud products which has left network defenders without critical data for detecting possible intrusions. As per TechCrunch, a notification was sent to the affected users in which Microsoft stated, “a bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform” between September 2 and September 19. 

Microsoft added that the logging outage was not caused by a security incident, and it had “only affected the collection of log events.” 

According to a security researcher, Kevin Beaumont, the notifications that Microsoft had sent to the affected companies are most probably only accessible to a handful of users with tenant admin rights, reported TechCrunch. 

The notification further said, “May have experienced potential gaps in security related logs or events, possibly affecting customers’ ability to analyse data, detect threats, or generate security alerts.”

ALSO READ | THIS Woman Beats Elon Musk By Becoming Top Donor To Donald Trump For US Presidential Election Campaign

What Is Logging, Which Products Have Been Affected?

Logging is essential for monitoring events within a product, such as tracking user sign-ins and failed login attempts, which can assist network defenders in spotting potential intrusions. Without proper logs, it becomes harder to detect unauthorized access to customer networks during the two-week period in question.

The impacted products, as noted in the Business Insider report, include Microsoft Entra, Sentinel, Defender for Cloud, and Purview.

TechCrunch report stated that a Microsoft executive confirmed that the incident was caused by an “operational bug within our internal monitoring agent.”

John Sheehan, a Microsoft corporate vice president, said, “We have mitigated the issue by rolling back a service change. We have communicated to all impacted customers and will provide support as needed.”

Why Does It Matter?

The logging outage comes a year after Microsoft faced criticism from federal investigators for not providing certain US government departments with security logs. These departments used Microsoft’s government-only cloud for hosting emails. Investigators believe that if those logs had been available, China-backed cyber intrusions could have been detected much earlier.

The cyber attackers, known as Storm-0558, infiltrated Microsoft’s network and stole a master key, granting them unrestricted access to US government emails stored in Microsoft’s cloud.

A government review of the attack revealed that the State Department was able to detect the breach because it had a higher-tier Microsoft license that included access to security logs, a benefit other affected government agencies lacked. In response to these hacks, Microsoft announced it would start providing log access to lower-tier cloud accounts starting in September 2023.