Azure Logging just Changed - Your Detections May be Missing it by Alex Groyz
ID: d07d4eff-54b9-5583-b784-111dfbaae2e2
STIX ID: report--d07d4eff-54b9-5583-b784-111dfbaae2e2
Feed Name: Vectra AI Blog
This report explains that Azure's move from VM-based diagnostics extensions to centralized Data Collection Rules (DCRs) with the Azure Monitor Agent can allow a single API call to silently disable logging across multiple VMs, producing delayed or misattributed activity in Azure Activity Logs and creating detection gaps; defenders are advised to monitor DCR and DCR-association events and update detections accordingly.
