Azure Active Directory logs are lagging, alerts may be wrong or missing

Microsoft has warned users that Azure Active Directory isn't currently producing reliable sign-in logs. "Customers using Azure Active Directory and other downstream impacted services may experience a significant delay in availability of logging data for resources," the Azure status page explains. Tools including Azure Portal, …

  1. deadlockvictim

    Oh dear

    When you have a captive audience, you can get away with a lot of shit.

    1. Anonymous Coward

      Re: Oh dear

      Oh boy have you said a mouthful there. Posting anonymously because I don't want to be sued by MS.

      If you have the 365 service alerts turned on you will know that for weeks now it has been a tidal wave of "service degradation" messages many of which missed update deadlines.

      Most of the "service restored" or Post Incident Report messages have also had a comment about a recent update/upgrade/new feature being the cause with a footnote of looking at how to improve their pre rollout testing.

      PMSL.

      MS is not able to hide behind their usual "sorry we broke your desktop/server because there are too many possible combinations of hardware and software to test" excuse here.

      The hardware and software in the M365 cloud is entirely their own.

      Given that you have to wonder if MS isn't one of the richest companies in the world because of all the money they have saved by making its customers into people who are paying them for the privilege of being their unpaid Alpha testers.

  2. Berny Stapleton

    The biggest issue I saw with Azure Active Directory logs, when connecting things like Splunk to them was that there was no sequence number.

    Azure would aggregate all these messages in the back end. Say you collect everything from 10:00:00 through 10:05:00, all good, right? It turns out a couple of servers were down at that point and now they've sent their logs in. There's extra messages there waiting for you, how do you know? Well, you've got to request that time period again and amend your own logs. How do you know to request that time period again? You don't.

    MICROSOFT PLEASE IMPLEMENT SEQUENCE NUMBERS ON LOG MESSAGES.
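An added example (not part of the original comment, and not Microsoft's or Splunk's code) of the usual workaround for the problem described above: on every poll, re-read an overlapping look-back window and de-duplicate on a stable event ID, so late deliveries are picked up. The `query` function, the sample events and the look-back values are constructed assumptions.

```python
from datetime import datetime, timedelta

def at(hhmm):
    """Constructed timestamps all fall on one arbitrary day."""
    return datetime.strptime("2023-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample: (event id, event time, time the backend made it queryable).
# Event "c" happened at 10:02 but its server only delivered it at 10:12.
BACKEND = [
    ("a", at("10:01"), at("10:01")),
    ("b", at("10:04"), at("10:05")),
    ("c", at("10:02"), at("10:12")),
    ("d", at("10:08"), at("10:09")),
]

def query(start, end, now):
    """Hypothetical log API: events in [start, end) that are visible at `now`."""
    return [(eid, t) for eid, t, avail in BACKEND
            if start <= t < end and avail <= now]

class Collector:
    def __init__(self, lookback):
        self.lookback = lookback
        self.seen = {}   # event id -> event time, used for de-duplication
        self.late = []   # ids that surfaced only when an old window was re-read

    def poll(self, window_start, now):
        """Read [window_start - lookback, now) and ingest ids not seen before."""
        for eid, t in query(window_start - self.lookback, now, now):
            if eid in self.seen:
                continue
            self.seen[eid] = t
            if t < window_start:
                self.late.append(eid)  # backfilled: re-run detections for it

def run(lookback_minutes):
    """Poll every five minutes from 10:00 to 10:15; return (ingested ids, late ids)."""
    collector = Collector(timedelta(minutes=lookback_minutes))
    ticks = [at("10:00"), at("10:05"), at("10:10"), at("10:15")]
    for start, now in zip(ticks, ticks[1:]):
        collector.poll(start, now)
    return sorted(collector.seen), collector.late

if __name__ == "__main__":
    print("no look-back:    ", run(0))
    print("10 min look-back:", run(10))
```

The look-back only helps if it is longer than the worst delivery delay, and any alerting rules have to be re-evaluated for the backfilled events.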

    1. Dan 55 Silver badge

      I think you're shouting into the void here, just as you would be on Microsoft's support site.

      1. Berny Stapleton

        I'm just putting it out there hoping some dev will read it and fix it...

        1. Anonymous Coward

          @Berny Stapleton - Like they do

          with open source software? Nah, you already paid for the software as a service and you will continue paying no matter if this is fixed or not.

      2. David 132 Silver badge

        Well yes, but the difference is that if this was Microsoft's support site, you'd get a standard template response along the lines of

        "Hello, my name is $NAME and I am a Microsoft customer support engineer.

        Please try the following..."

        ...then describes processes for running SFC /scannow, a Defender virus scan, and a check for updates, as if those have ever resolved the kind of problems people post to the support forums.

        "Hi, for some reason Windows 10 now displays some shite at the top of the Settings window about 'Rewards', I don't want this how do I remove it?" "please run SFC /scannow..."

        "How do I stop Windows from incessantly installing crapware that I don't want, if I remove Candy Fucking Crush Sodding Saga one more time I will go postal" "please run SFC /scannow..."

    2. yetanotheraoc Silver badge

      Sequence numbers on log messages

      I spent a lot of time reading the MS docs on how to create Azure services, and sequence numbers are contrary to the design patterns. If you split your service over multiple instances on different servers, how would they co-ordinate these sequence numbers? Instead, Azure has this fuzzy concept "eventual consistency", which as near as I can make out is just hand-waving and declaring "good enough".

      1. Youngone Silver badge

        Re: Sequence numbers on log messages

        hand-waving and declaring "good enough".

        Hey, I've just figured out Microsoft's software development philosophy!

      2. captain veg Silver badge

        Re: Sequence numbers on log messages

        Just an idea, how about the number of seconds since 1 January 1970?

        -A.

  3. SecretSonOfHG

    If you think that AD on the cloud is a nightmare

    Wait until you experience the on-premises version. It is exactly the same, only it is you who is applying and rolling back updates.

    1. Vince

      Re: If you think that AD on the cloud is a nightmare

      Except you aren’t since you can test and control deployment.

      You also have far more control over how quickly any rollback happens since you’re not just a number.

  4. gryphon

    Love the CRUD acronym

    1. Roger Kynaston

      more CRUD

      Creat Read Update Filesystem Timestamp

      The best I can come up with after only one cup of coffee.

      1. Anonymous Coward

        Re: more CRUD - Bog Standard

        Create Read Update Delete

        Best I could come up with while sitting on the bog

  5. razorfishsl

    LOL this is fuck all.....

    I have found an exploit where an admin can log off a totally unrelated domain.... as in log off close windows.....

    then using another admin account from a TOTALLY unrelated domain log BACK into that old domain.

    as in a.com physically log out... close windows

    B.com log BACK into A.com..... USING B.com auth.

    So in theory a user with admin rights in B.com, if caught right, can gain access to A.com if they can catch it within say 5 minutes

  6. Pirate Dave Silver badge

    "currently investigating a recent build roll out as the cause"

    That's the root problem with all of Microsoft's online whiz-bang stuff - they won't stop fucking with it. Doesn't matter if it's Exchange Online, Sharepoint, Office apps, Azure, etc. It's a source of constant twiddlement by Microsoft, so we users can't ever really refer to it as "stable" at any point in time, the best we can do is refer to it as "mostly working and not down right this minute". Which, eh, isn't exactly a ringing endorsement. Not that MS gives a shit - look, new shiny shiny in Teams, we love you users, sorry our products are sub-par, please don't migrate to Google, look, new shiny shiny in OWA.

    1. mattaw2001

      I liked Basecamp's approach, with major versions of its cloud service...

      We have used Basecamp as a project management/teaming solution for a while, and while I don't approve of all their features I have really appreciated their approach of running major versions in parallel and offering an upgrade path "on-demand" to the customer. This *includes* the API for integrations.

      They do add some minor features to their running versions, and bugfix, but they have not ever taken anything away from an existing version. They do not always provide equivalent features in the new version, but it is the customer's choice to upgrade or not.

    2. Paul Hovnanian Silver badge

      "they won't stop fucking with it"

      Agile is strong with this one.

      1. captain veg Silver badge

        Agile

        I still don't really know what about "Agile" is, in fact, "agile" in the normal meaning of the word. If it's an inability to stop fucking with it, which seems as likely as any other explanation, then I still don't.

        -A.

    3. Anonymous Coward

      Very hard to train and test on Azure stuff as it is a constantly moving target.

      I did some O365 training a few years ago. The instructor said not to bother with two whole sections of the official MS training material to do with DirSync and ADFS as DirSync had been replaced by Azure AD Connect and the way you set up ADFS had completely changed.

      Then, while doing some mock questions before the exam, one came up where only one of the answers was correct until recently, but a recent change meant that two of the answers were now valid. When sitting the test you would need to know when the questions were written to make sure you were giving the correct answer, plus possibly needing to learn stuff which is now obsolete just in case a question comes up about it.

      More recently, while trying to do something in O365, searching found three sets of documentation to do the same thing that were all different from each other. One was the official MS stuff, two were 3rd party sites. None of them fully matched reality.

      It's madness.

      1. captain veg Silver badge

        madness

        I speak from a position of ignorance, not choosing or being forced to use Azure, but wouldn't proper documentation completely obviate the need for such training?

        Having to take an exam on the (assumedly) undocumented nebulosity looks like cruel and unusual treatment.

        Not that it's any excuse for them, but I'm currently doing some work using Facebook APIs, and the experience is no better. New features are released, which my employers are contractually obliged to use, but they simply don't work, and the error / status codes returned are not documented anywhere.

        My technical contact at Facebook agrees that there's no obvious explanation.

        At least they don't, so far as I know, offer (or, >shudder<) require "certification".

        -A.

        1. Anonymous Coward

          Re: madness

          Training can be useful as it can fill in knowledge gaps, especially of parts of products you don't use often. You may not know an option exists, until you see it in training. Plus, a good instructor is invaluable. You can learn a lot that isn't in the official material.

          Certification is required to maintain partner levels with vendors and is usually the only reason I bother.

          1. captain veg Silver badge

            Re: madness

            I don't wish to mock, but I can't help myself. It's nothing personal.

            > Training can be useful as it can fill in knowledge gaps

            I should hope so, or it has precisely no point.

            Still having thus mocked I must report that my employers repeatedly entice me to waste my time on "training" which turns out to be statements of the bleeding obvious (e.g. not responding to phishing spam) or otherwise of no value whatsoever (e.g. why I ought to tell everyone that I am a he/him despite this being patently obvious).

            I ignore them.

            > You may not know an option exists

            That's my point. If you find yourself in that position then the documentation was deficient.

            > Plus, a good instructor is invaluable. You can learn a lot that isn't in the official material.

            I agree on the first point. The second implies that somehow good instructors are able to fathom features which aren't properly documented. Please don't mention this possibility to the Microsoft "partners" who offer such training. They might interpret it as a good reason to encourage Microsoft to deliberately issue rubbish documentation to their profit.

            -A.

  7. Mike 137 Silver badge

    "Azure Resource Manager for CRUD"

    Seems to sum up the situation pretty well.
