Title: Some users may encounter up to three-hour delays for Anomaly detection alerts, Advanced hunting, and custom detections
User impact: Users may have encountered delays of up to three hours for Anomaly detection alerts, Advanced hunting, and custom detections.
More info: Specifically, users may have seen delays for events in the CloudAppEvents, AppLogonEvents, BehaviorInfo, BehaviorEntities, IdentityLogonEvents, IdentityInfo, IdentityDirectoryEvents, AlertInfo, and AlertEvidence advanced hunting tables.
Final status: We’ve verified through our system telemetry that diverting traffic to alternate nodes has addressed the problem and allowed our service to deliver all delayed data to impacted users.
Scope of impact: This issue may have affected some users of Microsoft Defender for Cloud Apps Anomaly detection alerts, Advanced hunting, and custom detections.
Start time: Sunday, January 21, 2024, at 2:00 PM UTC
End time: Sunday, January 21, 2024, at 4:50 PM UTC
Root cause: An upstream service infrastructure issue occurred in conjunction with maintenance performed on a specific set of virtual machine infrastructure that the impacted functionality depends on, and this combination caused the issue.
Next steps:
– We’re reviewing our service resiliency measures and automated recovery actions relating to this impact scenario to identify methods for preventing similar impact from occurring in the future.
This is the final update for the event.