Microsoft tells customers it lost log data for key security products

• Microsoft told customers that a software bug caused inconsistent collection of log data.
• The bug affected key security products, including Microsoft Sentinel and Entra.
• Microsoft has been saying recently that security is its top priority.

Microsoft is telling customers that it failed to consistently collect log data for several important cloud services, according to an update viewed by Business Insider.

A log is a record of events within a program, such as account sign-ins. This record could include instances of unauthorized access to networks and accounts. If logs are not recorded properly, then any records of problems are lost and the company and its customers may have missed intrusions.

Between September 2 and September 19, "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform," Microsoft wrote in the customer notification.

There's no evidence of cyberattacks stemming from this incident.

"This issue did not impact the uptime of any customer-facing services or resources -- it only affected the collection of log events. Additionally, this issue is not related to any security compromise," the notification added.

Affected products included Microsoft Entra, an identity-management service. Microsoft Sentinel, a security-information and event-management product, was also affected, along with Microsoft Defender for Cloud and Microsoft Purview, a product for data-loss prevention.

"Microsoft Sentinel customers may have experienced potential gaps in security related logs or events, possibly affecting customers' ability to analyze data, detect threats, or generate security alerts," the update said.

BI asked Microsoft to comment on this episode on Thursday and Friday. Its spokespeople Frank Shaw and Jill Austin, along with the company's outside public-relations firm WE Communications, didn't respond to multiple requests for comment.

This is a particularly big deal for Microsoft because the company has been saying that security is a top priority. It recently introduced a Security Future Initiative, largely in response to its mishandling of security incidents, including what the Department of Homeland Security called a " cascade " of errors that allowed Chinese hackers in 2023 to access thousands of cloud-customer emails.

The idea was that Microsoft would make security its first priority in everything. It's become so important that every Microsoft employee will be evaluated on a "core priority" of security in performance reviews, an excerpt of an email shared with BI said.

"If you're faced with the tradeoff between security and another priority, your answer is clear: Do security," Microsoft CEO Satya Nadella wrote in an email to employees in May.

"In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems," the CEO added. "This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all."

Are you a Microsoft employee or someone else with insight to share?

Contact the reporter, Ashley Stewart, via the encrypted messaging app Signal (+1-425-344-8242) or email ( astewart@businessinsider.com ). Use a nonwork device.