Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 16-Oct-2024 05:46:04 JST Kevin Beaumont

Not sure how well this is known as the notification and press coverage has been paywalled -
Microsoft had a gaffe and lost some security logs for Microsoft Entra, Microsoft Defender for Cloud and Microsoft Purview for several weeks in September. So if you built detections on these, they may be missing.
It looks like notification was in Microsoft 365 portal, which needs tenant admin rights so sec teams likely don’t know.
Also, MS apparently refused to comment to press. https://www.businessinsider.com/microsoft-tells-customers-it-lost-log-data-key-security-products-2024-10
In conversation about 3 months ago from cyberplace.social permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  missing.it
2. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/113/313/391/418/769/854/original/fff645c2b3f103b9.jpeg
3. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/113/313/391/812/230/101/original/f5f3d641194aa1b5.jpeg
4. Domain not in remote thumbnail source whitelist: i.insider.com
  
  Microsoft tells customers it lost log data for key security products
  
  from Ashley Stewart
  
  Microsoft told customers that a software bug caused inconsistent collection of log data for key cloud services.
- Embed this notice
  🅵 (fedor@todon.nl)'s status on Wednesday, 16-Oct-2024 06:19:53 JST 🅵
  in reply to
  
  @GossiTheDog
  wtf is "purview"?
  I still don't have a clue after reading this:
  https://learn.microsoft.com/en-us/purview/purview
  "Microsoft Purview provides organizations with a powerful platform for governing and securing data across your entire data estate."
  .....????
  In conversation about 3 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: learn.microsoft.com
    
    Learn about Microsoft Purview
    
    from robmazz
    
    Use this article to learn more about Microsoft Purview.
- Embed this notice
  Pete Wright (pete_wright@nlogic.systems)'s status on Wednesday, 16-Oct-2024 06:20:26 JST Pete Wright
  in reply to
  
  @GossiTheDog The "There is no evidence of cyberattcks" bit is pretty hilarious. This is right after it explains how the logs are used to record information that would let you know there was an attack.
  
  Like why even include that sentence aside from keeping some droid at MSFT happy?
  
  In conversation about 3 months ago permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 18-Oct-2024 04:01:01 JST Kevin Beaumont
  in reply to
  
  An update to the missing Microsoft cloud security log situation - one of the notes which went out to customers has been publicly posted: https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
  I now know of two large MS customers who are missing logs for that period who didn’t get notifications in the MS portals described. So you might want to check.
  In conversation about 3 months ago permalink
  Attachments
  1. Untitled attachment
    https://cyberplace.social/system/media_attachments/files/113/324/302/698/899/520/original/50472df06b364191.jpeg
  2. Untitled attachment

Public

Conversation

Notices

Feeds