Microsoft 365 Alert – Service Degradation – Microsoft Defender XDR – Some users’ Device Control policies are getting applied inconsistently in Microsoft Defender for Endpoint – ONGOING

09/03/2026 8:25:00 AM

NHSmail Reference: INC46767270

Microsoft Reference: DZ1246124

Issue Status: ONGOING

Issue Description: Some users’ Device Control policies are getting applied inconsistently in Microsoft Defender for Endpoint.

More info: Impact is specific to a subset of users using secure identifier (SIDs) for EntraID with Device Control policies on Windows devices accessing Microsoft Graph API in Microsoft Defender for Endpoint.

Current Update: 10/04/2026 10:02:00 AM – There’s been a delay in the deployment timeline for our second fix, and based on our current estimates, Microsoft suspect deployment will begin on Tuesday, April 14, 2026, and complete by Friday, April 17, 2026. They will provide an update on this mitigation timeline as soon as it becomes available.

Scope of impact: Your organization is affected by this event, and a subset of users attempting to use secure identifier (SIDs) for EntraID with Device Control policies on Windows devices in Microsoft Defender for Endpoint are impacted. This information may be updated as our investigation continues.

Root cause: A configuration change related to retrieving data for Device control on Windows devices is causing an increased usage of Microsoft Graph API, preventing requests from getting processed.

Next update by: Friday, April 17, 2026, at 7:00 PM UTC