Microsoft Defender XDR Portal Suffered Brief Outage, Now Fully Restored

Microsoft Defender XDR faced a significant service disruption yesterday after a sudden traffic spike caused heavy CPU overload on core components powering the Defender portal. The outage left some customers unable to access key features, including threat-hunting alerts and device visibility. Microsoft now confirms the issue has been fully mitigated and the service is stable again.

According to a post on X, the incident was detailed on the Microsoft 365 admin center under DZ1191468, where the company warned that customers might be blocked from accessing or using certain Defender portal capabilities. As reported, organizations trying to view alerts, hunt threats, or manage endpoints reported missing data and partially broken dashboards.

The root cause, the company said, was “a spike in traffic [that] caused high Central Processing Unit (CPU) utilization on components that facilitate Microsoft Defender portal functionalities.”

In an update on X, Microsoft said it had applied mitigation steps and increased processing throughput. Later, the company followed up with another post on X confirming that it “[had] received confirmation from additional organizations that the issue [was] resolved. Monitoring telemetry shows the service has remained stable for an extended period.”

Microsoft has reportedly also confirmed that it will share a preliminary post-incident report within two business days, followed by a full report within five days.