check before: 2024-11-01
Product:
Defender, Defender for Office 365, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message, User impact
Links:
Details:
Summary:
Microsoft Defender for Office 365 is migrating its data platform to improve performance, scalability, and data consistency across investigation and hunting tools. Phase 1 completed in June 2025; Phase 2 targets December 2025. Users may see slight data delays or brief loading issues, but no admin action is needed.
Details:
Updated July 24, 2025: We have updated the timeline. Thank you for your patience.
As part of our ongoing efforts to enhance performance and scalability, Microsoft Defender for Office 365 investigation and hunting experiences are undergoing a data platform migration to establish a more robust, efficient, and scalable data storage system. This migration aims to improve data consistency and reliability, particularly in investigation and threat-hunting experiences.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We began rolling out this migration and Phase 1 of performance improvement early November 2024 and was completed in late June 2025.
The rollout of Phase 2 of performance improvement is targeted for end December 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-03-28
updated:
2025-07-25
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Data Availability Delays
Users may experience slight delays in data availability, particularly in accessing email metadata and post-delivery actions like quarantine release and manual remediation.
- roles: Security Analysts, End Users
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-office-365-platform-migration-for/ba-p/123456
Intermittent Loading Issues
Users may encounter intermittent failures when loading the Email Summary Panel immediately after email delivery, which will resolve automatically once data is processed.
- roles: Security Analysts, End Users
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-office-365-platform-migration-for/ba-p/123456
User Experience Disruption
The migration may lead to brief loading issues in various user experiences, potentially disrupting workflows for security analysts and end users.
- roles: Security Analysts, End Users
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-office-365-platform-migration-for/ba-p/123456
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Improved Data Consistency Across User Experiences
The migration to a unified data platform will ensure that security analysts have access to consistent and reliable data across various investigation and hunting tools. This will reduce discrepancies and enhance the overall user experience for security teams.
- next-steps: Conduct training sessions for security analysts to familiarize them with the new unified platform and its benefits. Develop documentation outlining the changes and best practices for utilizing the new system effectively.
- roles: Security Analysts, IT Security Managers, Compliance Officers
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/announcing-microsoft-defender-for-office-365-data-platform/ba-p/2135683
Enhanced Performance and Accuracy in Advanced Hunting
With the migration optimizing the data ingestion pipeline for Advanced Hunting, analysts will experience improved data freshness and accuracy, allowing for more effective threat detection and response.
- next-steps: Implement a feedback loop with security analysts to assess the performance improvements and identify any remaining issues in data quality. Regularly review and adjust monitoring tools to ensure they align with the new performance standards.
- roles: Security Analysts, Threat Hunters, IT Operations Managers
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/announcing-microsoft-defender-for-office-365-data-platform/ba-p/2135683
Strengthened Proactive Monitoring Capabilities
The new platform will enhance real-time monitoring and alerting mechanisms, enabling proactive detection and resolution of issues before they affect user workflows, thus minimizing downtime.
- next-steps: Review and update the existing monitoring and alerting frameworks to integrate with the new platform capabilities. Train IT operations staff on the enhanced monitoring tools to ensure quick response to potential issues.
- roles: IT Operations Managers, System Administrators, Security Analysts
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/announcing-microsoft-defender-for-office-365-data-platform/ba-p/2135683
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is making some updates to Microsoft Defender for Office 365, which is a tool that helps protect email and other Office 365 services from threats. Imagine Microsoft Defender as a security guard for your email, always on the lookout for suspicious activity. To make this security guard even more effective, Microsoft is upgrading the system it uses to store and process data.
Think of this upgrade like renovating a library. The old library was good, but the new one will have more shelves, better lighting, and a more organized system for finding books. Similarly, the new data platform will be more efficient, consistent, and reliable, helping security analysts to better investigate and hunt for threats.
The transition is happening in two phases. The first phase finished in June 2025, and the second phase is expected to be done by December 2025. During this time, users might notice some slight delays or brief issues when accessing certain data, much like how a library might temporarily misplace a book during a renovation. However, these issues should resolve themselves quickly, and no action is needed from administrators.
The benefits of this upgrade include ensuring that all data is consistent across different tools, like Threat Explorer and Advanced Hunting, which are used to investigate threats. This is similar to making sure that all copies of a book in the library have the same information. The new system will also allow Microsoft to develop new features more quickly, just as a modern library can more easily add new books and services.
Overall, while there might be some minor disruptions during the transition, the end result will be a more powerful and efficient system for keeping your email and data secure. Just like a newly renovated library, the upgraded platform will offer better service and reliability for everyone who uses it.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-07-25 | MC MessageTagNames | Feature update, User impact, Admin impact | Updated message, Feature update, User impact, Admin impact |
| 2025-07-25 | MC Summary | Microsoft Defender for Office 365 is migrating its data platform to enhance performance and scalability, aiming for completion by late June 2025. Benefits include improved data consistency, parity between tools, enhanced performance, and faster feature development. Users may experience slight delays and intermittent failures during the transition. No admin action is required. | Microsoft Defender for Office 365 is migrating its data platform to improve performance, scalability, and data consistency across investigation and hunting tools. Phase 1 completed in June 2025; Phase 2 targets December 2025. Users may see slight data delays or brief loading issues, but no admin action is needed. |
| 2025-07-25 | MC Last Updated | 03/28/2025 06:32:40 | 2025-07-24T21:10:49Z |
| 2025-07-25 | MC Messages | As part of our ongoing efforts to enhance performance and scalability, Microsoft Defender for Office 365 investigation and hunting experiences are undergoing a data platform migration to establish a more robust, efficient, and scalable data storage system. This migration aims to improve data consistency and reliability, particularly in investigation and threat-hunting experiences.
[When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We began rolling out this migration early November 2024 and expect to complete by late June 2025. | Updated July 24, 2025: We have updated the timeline. Thank you for your patience.
As part of our ongoing efforts to enhance performance and scalability, Microsoft Defender for Office 365 investigation and hunting experiences are undergoing a data platform migration to establish a more robust, efficient, and scalable data storage system. This migration aims to improve data consistency and reliability, particularly in investigation and threat-hunting experiences. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We began rolling out this migration and Phase 1 of performance improvement early November 2024 and was completed in late June 2025. The rollout of Phase 2 of performance improvement is targeted for end December 2025. |
| 2025-07-25 | MC Title | Microsoft Defender for Office 365: Platform migration for enhanced data storage and performance | (Updated) Microsoft Defender for Office 365: Platform migration for enhanced data storage and performance |
| 2025-07-25 | MC How Affect | Key benefits
Ensures data consistency across multiple user experiences: By consolidating data management under a unified platform, this migration will eliminate discrepancies between different workflows, ensuring that security analysts have access to consistent and reliable data across various investigation and hunting experiences. Establishes data parity between Threat Explorer and Advanced Hunting: By leveraging a single, unified data source, the migration will ensure that data retrieved in Threat Explorer and Advanced Hunting remains synchronized. This reduces the chances of data disparity between different tools and allows security teams to conduct investigations with better accuracy. Enhances the data pipeline for Advanced Hunting, resulting in improved performance and accuracy: The migration will optimize data ingestion pipeline and proactive monitoring system of Advanced Hunting. This will lead to improved data freshness and reduce the chances of potential data quality issues in data pipeline. Accelerates development cycles for new features built on the new data platform: The modernized data architecture will enable faster iteration and deployment of new features. By reducing dependencies on legacy systems and adopting a scalable infrastructure, Microsoft can introduce feature enhancements more rapidly, bringing greater value to security analysts. Strengthens proactive monitoring capabilities to minimize potential impact on customer workflows: The new platform will enhance real-time monitoring and alerting mechanisms, allowing for proactive detection and resolution of issues before they impact user workflows. Improved observability will ensure that any latency or disruptions are identified early, reducing downtime and improving system reliability. Potential impact No direct impact on customer data. While the new platform brings significant improvements, users may experience slight delays in data availability (such as email metadata and post-delivery actions like quarantine release and manual remediation) in certain experiences, including Threat Explorer, Email Entity, and the Email Summary Panel. In some cases, users may encounter intermittent failures for brief moment when loading the Email Summary Panel from experiences such as Quarantine and Submission immediately after an email is delivered. However, this will automatically resolve once the necessary data has been processed and stored. Resolution plan While our team works on the migration, we are also actively working on optimizing the performance of the new data platform to align as closely as possible with the data freshness rate of Threat Explorer before the data platform migration. Also, efforts are underway to minimize failure rates across user experiences caused by temporary data unavailability. The phase 1 performance improvement work is expected to be completed by late June 2025. After that, our teams will be continuously monitoring the latencies and investing in further improvements to ensure seamless security operations experience to end users. This change will be available by default. | Key benefits
Ensures data consistency across multiple user experiences: By consolidating data management under a unified platform, this migration will eliminate discrepancies between different workflows, ensuring that security analysts have access to consistent and reliable data across various investigation and hunting experiences. Establishes data parity between Threat Explorer and Advanced Hunting: By leveraging a single, unified data source, the migration will ensure that data retrieved in Threat Explorer and Advanced Hunting remains synchronized. This reduces the chances of data disparity between different tools and allows security teams to conduct investigations with better accuracy. Enhances the data pipeline for Advanced Hunting, resulting in improved performance and accuracy: The migration will optimize data ingestion pipeline and proactive monitoring system of Advanced Hunting. This will lead to improved data freshness and reduce the chances of potential data quality issues in data pipeline. Accelerates development cycles for new features built on the new data platform: The modernized data architecture will enable faster iteration and deployment of new features. By reducing dependencies on legacy systems and adopting a scalable infrastructure, Microsoft can introduce feature enhancements more rapidly, bringing greater value to security analysts. Strengthens proactive monitoring capabilities to minimize potential impact on customer workflows: The new platform will enhance real-time monitoring and alerting mechanisms, allowing for proactive detection and resolution of issues before they impact user workflows. Improved observability will ensure that any latency or disruptions are identified early, reducing downtime and improving system reliability. Potential impact No direct impact on customer data. While the new platform brings significant improvements, users may experience slight delays in data availability (such as email metadata and post-delivery actions like quarantine release and manual remediation) in certain experiences, including Threat Explorer, Email Entity, and the Email Summary Panel. In some cases, users may encounter intermittent failures for brief moment when loading the Email Summary Panel from experiences such as Quarantine and Submission immediately after an email is delivered. However, this will automatically resolve once the necessary data has been processed and stored. Resolution plan While our team works on the migration, we are also actively working on optimizing the performance of the new data platform to align as closely as possible with the data freshness rate of Threat Explorer before the data platform migration. Also, efforts are underway to minimize failure rates across user experiences caused by temporary data unavailability. The phase 1 performance improvement work was completed in late June 2025. After that, our teams are continuously monitoring the latencies and investing in further improvements to ensure seamless security operations experience to end users. Phase 2 of the performance improvement plan is targeted to further improve the data freshness rate and is expected to complete by end of December 2025. This change will be available by default. |
Last updated 2 days ago ago
