Microsoft Loses Weeks of Security Logs of Consumer Cloud Product Details


The problems for Microsoft and its users seem eternal. The technology giant recently admitted that it is missing more than two weeks of security logs for its cloud products, which has left network defenders without critical data to detect possible intrusions. According to TechCrunch, Microsoft sent a notification to affected users stating that “a bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when sending log data to our internal logging platform” between September 2nd and September 19th.

Microsoft added that the logging outage was not caused by a security incident and “only affected the collection of logging events.”

According to a security researcher, Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely only accessible to some users with tenant admin rights, TechCrunch reported.

The notification further said: “Potential log gaps or security-related events may have occurred, possibly impacting customers’ ability to analyze data, detect threats, or generate security alerts.”


What is logging, and which products are affected?

Logging is essential for monitoring events in a product, such as tracking user logins and failed login attempts, which can help network defenders detect potential intrusions. Without adequate records, it becomes more difficult to detect unauthorized access to customer networks during the two-week period in question.

The impacted products, as noted in Business Insider’s report, include Microsoft Entra, Sentinel, Defender for Cloud, and Purview.

The TechCrunch report stated that a Microsoft executive confirmed that the incident was caused by an “operational bug in our internal monitoring agent.”

John Sheehan, corporate vice president at Microsoft, said: “We mitigated the issue by rolling back a service change. We have communicated with all affected customers and will provide support as needed.”

Why does this matter?

The logging halt comes a year after Microsoft faced criticism from federal investigators for failing to provide security logs to certain US government departments. These departments used Microsoft’s government-only cloud to host emails. Researchers believe that if such records were available, Chinese-backed cyber intrusions could have been detected much earlier.

The cybercriminals, known as Storm-0558, infiltrated Microsoft’s network and stole a master key, granting them unrestricted access to US government emails stored in Microsoft’s cloud.

A government analysis of the attack revealed that the State Department was able to detect the breach because it had a higher-level Microsoft license that included access to security logs, a benefit that other affected government agencies lacked. In response to these hacks, Microsoft announced that it would begin providing log access to lower-level cloud accounts starting in September 2023.
