Microsoft 365 Alert – Service Degradation – Microsoft Defender XDR – Users encounter delays for anomaly detection alerts, Advanced Hunting events, custom detections and Microsoft Sentinel – RESOLVED

09/05/2025 09:15:00 AM

NHSmail Reference: INC46525023

Microsoft Reference: DZ1069915

Issue Status: RESOLVED

Issue Description: Users encounter delays for anomaly detection alerts, Advanced Hunting events, custom detections and Microsoft Sentinel.

More Info: Specifically, users may see delays of up to twenty-five hours for events in the CloudAppEvents, AppLogonEvents, BehaviorInfo, BehaviorEntities, IdentityLogonEvents, AlertInfo, and AlertEvidence advanced hunting tables.

Final Update: 09/05/2025 10:05:00 AM – Microsoft have successfully processed the backlog of delayed alerts, and confirmed that impact has been fully remediated.

Scope of impact: Impact is specific to some users who are served through the affected infrastructure.

Root cause: A section of service infrastructure that facilitates events, detections and alerts within Microsoft Defender for Cloud Apps and Microsoft Sentinel has fallen below our manageable service performance thresholds, which is resulting in impact.

Next steps: Microsoft are analyzing performance data and trends on the affected infrastructure to help prevent this problem from happening again.