Title: Some admins may experience alert and activity delays of up to two hours in Microsoft Defender for Cloud Apps
User impact: Admins may have experienced alert and activity delays of up to two hours in Microsoft Defender for Cloud Apps.
More info: Admins may have seen delays in the following scenarios:
– Anomaly detection triggering alerts
– Activity policy triggering alerts
– Activities available for hunting
– Activities showing in the user interface (UI)
Final status: Our review of service telemetry has identified that a portion of infrastructure that facilitates certain alert generation wasn’t processing requests as effectively as expected, resulting in impact. We’ve restarted services on the impacted infrastructure and confirmed that this has remediated impact via service telemetry.
Scope of impact: Any admin serviced by the impacted infrastructure may have been impacted.
Start time: Thursday, February 8, 2024, at 2:00 PM UTC
End time: Thursday, February 8, 2024, at 6:30 PM UTC
Root cause: A portion of infrastructure that facilitates certain alert generation wasn’t processing requests as effectively as expected, resulting in impact.
Next steps:
– We’re continuing our review of service telemetry to better understand the underlying cause of impact and prevent similar issues in the future.
This is the final update for the event.
