Microsoft 365 Alert – Service Degradation – Microsoft Defender XDR – Admins may experience a 30-minute gap in security telemetry and alerts in Microsoft Defender for Endpoint – RESOLVED

20/05/2026 01:42:00 PM

NHSmail Reference: INC46831793

Microsoft Reference: DZ1316705

Issue Status: RESOLVED

Issue Description: Admins may experience a 30-minute gap in security telemetry and alerts in Microsoft Defender for Endpoint.

More info: Impacted admins may experience a point-in-time gap of approximately 30 minutes in Microsoft Defender for Endpoint telemetry data when viewing information in the Microsoft Defender portal and Microsoft Sentinel, as the impacted data wasn’t ingested.

Final Update: 22/05/2026 08:25:00 AM – Microsoft has successfully backfilled the gap in telemetry data from the impact window and can confirm that impact is remediated.

Scope of impact: Some admins relying on security telemetry reporting in Microsoft Defender for Endpoint and Microsoft Defender for Identity (V3 clients) may have been impacted.

Root cause: An authentication component misconfiguration was causing authentication issues within a core part of the Microsoft Defender for Endpoint and Microsoft Defender for Identity services, resulting in telemetry data for a 30-minute window not being ingested.

Next steps: Microsoft are reviewing our configuration change procedures to help prevent this problem from happening again.