Forum Discussion
Customer CUSTOMER_NAME notified of anomalous activity in Azure subscription
How do others feel about the alerts showing up in the Partner Center?
We’ve detected suspicious or malicious activity in this Azure subscription. The customer of this subscription has been notified.
What suspicious or malicious activity did microsoft detect you ask?
An important security update is available for your Windows Server Update Services (WSUS) resource(s).
That's right, there is no suspicious or malicious activity. Microsoft wants people to install an out of band security update and thought sending a notification to all azure customers was the best way to ensure that happened. Half the clients that received this alert aren't even running windows servers! Those that are running windows servers do not have the WSUS role installed.
All the clients Microsoft alerted us about to suspicious activity in their subscriptions... Don't use WSUS
We did have the pleasure of manually closing every single alert as "ignore" and I'm delighted to know that these alerts didn't count towards the security requirement to have an avg response time of less than 24h.
I thought the partner security alerts were to notify us of critical issues microsoft detected in azure subscriptions. This, does not appear to be that.
Am I missing something? thoughts?
1 Reply
We had the exact same happen and none of our Azure customers use WSUS.
Many hours wasted.
These were supposed to be for fraud related alerts.
They should not be for notification to patch server, and certainly not false positives where the supposed services are not being used. Very poor from Microsoft IMO.
