Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal

Title: Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal

User impact: Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal.

More info: Alerts and activities data may also be similarly delayed in the Microsoft 365 Defender portal.

Affected admins may experience delayed data population pertaining to alerts and activities for the following scenarios:

– Anomaly detection
– Activity policies
– Some tables in the advanced hunting schema
– Microsoft Defender for Identity activities and alerts

Current status: According to our monitoring, the majority of alerts and activities data has successfully populated for affected admins. We’re continuing our monitoring to allow time for all pertinent alert data to process as expected, and we anticipate that this issue will be fully resolved by our next scheduled update.

Scope of impact: Impact is specific to some admins served through the affected infrastructure who are attempting to view Microsoft Defender for Cloud Apps activities and alerts in the Microsoft 365 Defender portal and the Microsoft Defender for Cloud Apps portal.

Start time: Monday, September 11, 2023, at 9:50 AM UTC

Root cause: A portion of infrastructure responsible for the ingestion and population of Microsoft Defender for Cloud Apps alert data began operating below acceptable performance thresholds, resulting in impact.

Next update by: Tuesday, September 12, 2023, at 10:00 AM UTC