We are getting alerts every month that the Azure threat protection sensor updater service crashed and will be restarted after 5000ms, When i log in and check all services are in a running state in the dc servers.
As per MS documentation, this service will be restarted when there is a new version of the sensor released by MS.
But sometimes even if there is no release also this service is crashing and restarting on its own, suspecting it is due to a minor version upgrade. Is there any we can track minor version releases also??
All sensor updates are minor, we don't do major upgrades any more. Cadence of updates is usually one per week. When you say you are getting alerts, are those MDI health alerts or some custom alerts you created via a 3rd party method?
What do you see in the text log files of the sensor and the updater during the UTC time of the reported alert? what were they doing when it happened ?