Microsoft 365 Alert – Service Degradation – Microsoft Defender XDR – Admins may experience a 30-minute gap in security telemetry and alerts in Microsoft Defender for Endpoint – ONGOING
20/05/2026 01:42:00 PM
NHSmail Reference: INC46831793
Microsoft Reference: DZ1316705
Issue Status: ONGOING
Issue Description: Admins may experience a 30-minute gap in security telemetry and alerts in Microsoft Defender for Endpoint.
More info: Impacted admins may experience a point-in-time gap of approximately 30 minutes in Microsoft Defender for Endpoint telemetry data when viewing information in the Microsoft Defender portal and Microsoft Sentinel, as the impacted data wasn’t ingested.
Current Update: 20/05/2026 01:44:00 PM – Microsoft has determined that an authentication component misconfiguration is causing authentication issues within a core part of the Microsoft Defender for Endpoint service, resulting in telemetry data not being ingested. They are deploying a fix to restore the authentication component and stabilize ingestion, which will allow the missing data to be re-ingested.
Scope of impact: Some admins relying on security telemetry reporting in Microsoft Defender for Endpoint may be impacted. This information may be updated as our investigation continues.
Root cause: An authentication component misconfiguration is causing authentication issues within a core part of the Microsoft Defender for Endpoint service, resulting in telemetry data not being ingested.
Next update by: Wednesday, May 20, 2026, at 1:30 PM UTC