Azure Active Directory logs are lagging, alerts may be wrong or missing

We have questions: Who's logged in lately? How would you know? Ain't it grand that Microsoft wants you in Azure AD?


Updated Microsoft has warned users that Azure Active Directory isn't currently producing reliable sign-in logs.

"Customers using Azure Active Directory and other downstream impacted services may experience a significant delay in availability of logging data for resources," the Azure status page explains. Tools including Azure Portal, MSGraph, Log Analytics, PowerShell, and/or Application Insights are all impacted.

Azure AD and the other abovementioned tools are all working.

But Microsoft has warned that the incident "could lead to missed or misfired alerts."

Or in other words, bad things could be happening but you might not hear about them. Or you might get some weird alerts.

Either scenario is sub-optimal.

The software giant detected the issue at 21:35 UTC on May 31. As of 05:15 UTC on June 1, the problem remains unresolved.

Microsoft's last update about the issue, timestamped 04:15 UTC on June 1, stated that the company is "currently investigating a recent build roll out as the cause" and "continuing to investigate for a full root cause."

Azure engineers are working to roll back Azure AD to a version without whatever problem is causing this issue, with "signs of recovery" already evident.

Azure AD problems – such as the September 2020 outage – tend to be widely felt, as the tool is by design used to authenticate users to multiple services.

Isn't it grand, then, that Microsoft is encouraging the use of the service instead of on-prem Active Directory?

The timing of this incident is also exquisite, as it commenced on the same day Microsoft expanded and rebranded its identity and access tools under the name "Entra". ®

Updated to add at 0645 UTC, June 1

Microsoft's posted an update time-stamped 06:31 UTC and the news is not good.

The company says the issue has caused "additional impact to Azure Resource Manager for CRUD (create, read, update and delete) operations, with some requests experiencing failures whilst communicating with other Azure services."

Previous updates about the incident were promised every hour. Microsoft missed that last deadline and now advises another update will arrive around 08:30 UTC "or as events warrant".

"We are engaging additional engineering teams to assist in applying multiple mitigation steps, services are seeing signs of recovery at this time," states the latest update.

Broader topics


Other stories you might like

Biting the hand that feeds IT © 1998–2022