Microsoft 365 Alert – Service Degradation – Microsoft Defender XDR – Some users’ Device Control policies are getting applied inconsistently in Microsoft Defender for Endpoint – RESOLVED

09/03/2026 8:25:00 AM

NHSmail Reference: INC46767270

Microsoft Reference: DZ1246124

Issue Status: RESOLVED

Issue Description: Some users’ Device Control policies are getting applied inconsistently in Microsoft Defender for Endpoint.

More info: Impact is specific to a subset of users using secure identifier (SIDs) for EntraID with Device Control policies on Windows devices accessing Microsoft Graph API in Microsoft Defender for Endpoint.

Final Update: 20/04/2026 10:02:00 AM – Microsoft has confirmed that their second deployment has completed saturating for all affected users, resolving this event.

Scope of impact: Your organization is affected by this event, and a subset of users attempting to use secure identifier (SIDs) for EntraID with Device Control policies on Windows devices in Microsoft Defender for Endpoint are impacted. This information may be updated as our investigation continues.

Root cause: A configuration change related to retrieving data for Device control on Windows devices is causing an increased usage of Microsoft Graph API, preventing requests from getting processed.

Next Steps: Microsoft are reviewing the responsible configuration change to better understand what led to the error that resulted in impact and prevent similar future occurrences.