Microsoft 365 Alert – Service Degradation – Microsoft Teams – Users may be unable to view data for multiple features in Microsoft 365 Defender for Endpoint – RESOLVED

06/08/2024 17:41:00 PM

Note: This service degradation does not impact NHSmail users.

NHSmail Reference: INC44220070

Microsoft Reference: DZ809858

Issue Status: RESOLVED

Issue Description: Users may be unable to view data for multiple features in Microsoft 365 Defender for Endpoint.

More info:  Affected data includes but may not be limited to:
– Advanced Hunting
– Device Inventory
– Device Timeline
– Network Malicious Activity alerts

This issue would also affect Microsoft Sentinel when forwarding the Microsoft Defender for Endpoint signal from Advanced Hunting to the Sentinel service.

Current Update: 20/08/2024 17:03:00 PM – Microsoft have verified the efficacy of the fix and have published an updated Windows Server 2022 build, KB5041160, on August 13, 2024, containing the fix. They have confirmed through internal testing that once users install this Windows Server 2022 update the impact will be remediated. The details of the build can be viewed at this URL:
https://support.microsoft.com/en-us/topic/august-13-2024-kb5041160-os-build-20348-2655-e186b7ab-3d1b-4f6e-a959-f3e5d0bad3df

Scope of impact: This issue may impact any user on Windows Server 2022 build 20348.2527 or newer attempting to view networking data for multiple services in Microsoft 365 Defender for Endpoint.

Root cause: A recent Windows update introduced a regression which is causing failures on the service responsible for populating this data in the Microsoft 365 Defender portal.

Next steps: Microsoft are reviewing the previous Windows update to determine why the regression occurred to prevent similar impact from occurring in the future.