Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal

Title: Admins’ alert data population may be delayed by up to five hours in the Microsoft Defender for Cloud Apps portal

User impact: Admins’ alert data population may have been delayed by up to five hours in the Microsoft Defender for Cloud Apps portal.

More info: Alerts and activities data may have also been similarly delayed in the Microsoft 365 Defender portal.

Affected admins may have experienced delayed data population pertaining to alerts and activities for the following scenarios:

– Anomaly detection
– Activity policies
– Some tables in the advanced hunting schema
– Microsoft Defender for Identity activities and alerts

Final status: We’ve verified through extended monitoring that all alerts and activities data from within the window of impact has been successfully processed and is now visible to admins as expected.

Scope of impact: Impact was specific to some admins served through the affected infrastructure who were attempting to view Microsoft Defender for Cloud Apps activities and alerts in the Microsoft 365 Defender portal and the Microsoft Defender for Cloud Apps portal.

Start time: Monday, September 11, 2023, at 9:50 AM UTC

End time: Monday, September 11, 2023, at 7:00 PM UTC

Root cause: A portion of infrastructure responsible for the ingestion and population of Microsoft Defender for Cloud Apps alert data began operating below acceptable performance thresholds, resulting in impact.

Next steps:
– We’re investigating why the portion of infrastructure responsible for the ingestion and population of Microsoft Defender for Cloud Apps alert data began operating below acceptable performance thresholds so we can better prevent this issue from occurring in the future.

This is the final update for the event.