Admins couldn’t run queries on the “AppCloudEvents” advanced hunting table in Microsoft Defender for Cloud Apps

Title: Admins couldn’t run queries on the “AppCloudEvents” advanced hunting table in Microsoft Defender for Cloud Apps
User impact: Admins couldn’t run queries on the “AppCloudEvents” advanced hunting table in Microsoft Defender for Cloud Apps.
More info: Some admins may have also experienced impact to the “AppLogonEvents”, “AppQueryEvents” and “AppIdentityEvents” tables with any custom detections based on these tables also not working.
Final status: We’ve identified that recent standard service maintenance on the “AppCloudEvents” advanced hunting table, intended to prepare the table for a new field, inadvertently caused the data required to run queries to become unavailable. We’ve reverted the maintenance change and confirmed impact has been remediated after making the required data available again.
Scope of impact: Impact was specific to some admins who were served through the affected infrastructure.
Start time: Wednesday, November 15, 2023, at 9:00 AM UTC
End time: Monday, November 20, 2023, at 3:00 AM UTC
Root cause: Recent standard service maintenance on the “AppCloudEvents” advanced hunting table, intended to prepare the table for a new field, inadvertently caused the data required to run queries to become unavailable.
Next steps:
– We’re reviewing our standard service maintenance procedures to help prevent similar impact from happening again.
This is the final update for the event.