Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal

Title: Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal

User impact: Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal.

More info: Alerts and activities data may also be similarly delayed in the Microsoft 365 Defender portal.

Affected admins may experience delayed data population pertaining to alerts and activities for the following scenarios:

– Anomaly detection
– Activity policies
– Some tables in the advanced hunting schema
– Microsoft Defender for Identity activities and alerts

Current status: We’ve confirmed that our aforementioned optimizations and actions to restart the infrastructure responsible for the ingestion and population of Microsoft Defender for Cloud Apps alert data has restored its health, preventing any new impact instances. We’re monitoring for an extended period to ensure that all alert and activity data from within the window of impact is populated as expected, and we’ll aim to confirm an estimated time to resolution by our next scheduled update.

Scope of impact: Impact is specific to some admins served through the affected infrastructure who are attempting to view Microsoft Defender for Cloud Apps activities and alerts in the Microsoft 365 Defender portal and the Microsoft Defender for Cloud Apps portal.

Start time: Monday, September 11, 2023, at 9:50 AM UTC

Root cause: A portion of infrastructure responsible for the ingestion and population of Microsoft Defender for Cloud Apps alert data began operating below acceptable performance thresholds, resulting in impact.

Next update by: Monday, September 11, 2023, at 6:30 PM UTC