Microsoft Office 365 and Azure users locked out of accounts due to MFA issues

The MFA issue which lasted all-day Monday is the latest in a string of Microsoft cloud service outages

Office 365 logo being viewed through a magnifying glass

Azure and Office 365 users were unable to login to their accounts yesterday due to issues with Microsoft's multi-factor authentication (MFA) service.

From 4.39am on Monday until later that evening users in the UK and Western Europe, as well as pockets around the world, were unable to access their Office 365 accounts.

Advertisement - Article continues below

Azure services such as Azure Active Directory was also closed off to users whose organisations enforced mandatory MFA.

Although Microsoft says its services are now operating as normal, this incident has angered organisations trying to convince their employees of MFA's benefits, as well as those who have had to contend with similar outages in recent months.

The cause, according to Azure's status history, lied with requests from MFA servers, sent to a European-based database, reaching operation threshold, which in turn caused latency and timeouts.

Attempts to reroute traffic through North America ended in failure, and caused a secondary issue when servers become unhealthy and traffic was throttled to handle increased demand.

"Engineers deployed a hotfix which eliminated the connection between Azure Identity Multi-Factor Authentication Service and a backend service. Secondly, engineers cycled impacted servers which allowed authentication requests to succeed," Microsoft wrote.

"Engineers will continue to investigate to establish the full root cause and prevent future occurrences."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The firm says it will publish a full analysis of the outage within the next couple of days.

Error messages that users received upon trying to access their Office 365 and Azure accounts

Monday's issues are the latest in a string of prominent Microsoft Azure and Office 365 outages customers have had to suffer in recent months, with the previous incident occurring just three weeks ago.

The days-long outage, which struck in late October, left predominately UK users unable to login to Office 365 due to additional login prompts appearing after user credentials had already been entered.

Another global outage in September affected Azure and Office 365 users across the world after a "severe weather event" knocked one of Microsoft's San Antonio-based servers offline.

"With less than a month between disruptions, incidents like today's Azure multi-factor authentication issue pose serious productivity risks for those sticking to a software-as-a-service monoculture," said Mimecast's cyber resilience expert Pete Banham.

Advertisement - Article continues below

"With huge operational dependency on the Microsoft environment, no organisation should trust a single cloud supplier without an independent cyber resilience and continuity plan to keep connected and productive during unplanned, and planned, email outages.

"Every minute of an email outage could costs businesses hundreds and thousands of pounds. Without the ability to securely log in, knowledge worker employees are unable to do their jobs."

IT Pro approached Microsoft for comment.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/microsoft-azure/34748/meet-azure-arc-a-microsoft-platform-for-those-that-want-a-bit-of-everything
Microsoft Azure

Meet Azure Arc, a platform to simplify deployment management

4 Nov 2019
Visit/security/hacking/355854/hackers-wreaking-havoc-on-googles-cloud-infrastructure
hacking

Hackers are wreaking havoc on Google’s Cloud infrastructure

1 Jun 2020
Visit/cloud/355386/finding-the-right-cloud-solution-for-your-database
Sponsored

Finding the right cloud solution for your database

21 Apr 2020
Visit/cloud/cloud-computing/355188/canonical-launches-managed-apps-to-simplify-cloud-operations
cloud computing

Canonical launches Managed Apps to simplify cloud operations

1 Apr 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020