Azure Active Directory logs are lagging, alerts may be wrong or missing

We have questions: Who's logged in lately? How would you know? Ain't it grand that Microsoft wants you in Azure AD?


Updated: Microsoft has warned users that Azure Active Directory isn't currently producing reliable sign-in logs.

"Customers using Azure Active Directory and other downstream impacted services may experience a significant delay in availability of logging data for resources," the Azure status page explains. Tools including Azure Portal, MSGraph, Log Analytics, PowerShell, and/or Application Insights are all impacted.

Azure AD and the other abovementioned tools are all working.

But Microsoft has warned that the incident "could lead to missed or misfired alerts."

Or in other words, bad things could be happening but you might not hear about them. Or you might get some weird alerts.

Either scenario is sub-optimal.

The software giant detected the issue at 21:35 UTC on May 31. As of 05:15 UTC on June 1, the problem remains unresolved.

Microsoft's last update about the issue, timestamped 04:15 UTC on June 1, stated that the company is "currently investigating a recent build roll out as the cause" and "continuing to investigate for a full root cause."

Azure engineers are working to roll back Azure AD to a version without whatever problem is causing this issue, with "signs of recovery" already evident.

Azure AD problems – such as the September 2020 outage – tend to be widely felt, as the tool is by design used to authenticate users to multiple services.

Isn't it grand, then, that Microsoft is encouraging the use of the service instead of on-prem Active Directory?

The timing of this incident is also exquisite, as it commenced on the same day Microsoft expanded and rebranded its identity and access tools under the name "Entra". ®

Updated to add at 0645 UTC, June 1

Microsoft's posted an update time-stamped 06:31 UTC and the news is not good.

The company says the issue has caused "additional impact to Azure Resource Manager for CRUD (create, read, update and delete) operations, with some requests experiencing failures whilst communicating with other Azure services."

Previous updates about the incident were promised every hour. Microsoft missed that last deadline and now advises another update will arrive around 08:30 UTC "or as events warrant".

"We are engaging additional engineering teams to assist in applying multiple mitigation steps, services are seeing signs of recovery at this time," states the latest update.
