Office 365/Azure Multi-Factor Authentication Issue Leads to Downtime

Ah, Thanksgiving. Typically, a week full of family travels, exercising booked vacation time and in some cases, thinking ahead to bargain deals on Friday. But now, it’s perhaps not your typical week this week for those expecting to start relaxing early.  

An issue with multi-factor authentication (MFA) at login caused headaches for Microsoft Office 365™ and Azure administrators, putting the dampeners on plans IT admins may have been making today.

Microsoft acknowledged the issue early Monday, saying in tweets they were investigating reports that users were unable login to Office 365 and Azure services such as Azure Active Directory when MFA is required by policy.

Users in Europe, Asia and North America were reportedly impacted by the MFA issue. As of 10 a.m. EST in the US, Microsoft engineers were deploying code to fix the issue for Office 365 users.

For Azure, engineers deployed a hotfix eliminating the connection between Azure Identity MFA and a backend service. Microsoft said users should start seeing their access restored shortly.

This can’t come soon enough for admins, including one on Twitter who said their users were “starting to search for their torches and pitchforks.”

Another in the US was hopeful this issue wouldn’t ruin their Thanksgiving holiday.

Being Better Prepared for Office 365/Azure Downtime

Monday’s disruption comes about three weeks after a similar login problem for Office 365 that also impacted users across multiple geographic locations.

So, it’s another day, another Office 365 disruption, and another nuisance for admins and employees alike. With less than a month between disruptions, incidents like today’s Azure multi-factor authentication issue pose serious productivity risks for those sticking to a software-as-a-service monoculture.

Office 365 is a huge cloud service, so to be fair here, many factors can play into downtime for Office 365 customers. For example, in September, outages came about because of lightning strikes taking out cooling systems for data centers in San Antonio, Texas. They can’t control the weather, but redundancy at all levels is a customer expectation. 

While it’s unclear the root cause of Monday’s disruption, it is clear users and admins need to have a plan in place when things go wrong in Office 365 or Azure.

With huge operational dependency on the Microsoft environment, no organization should trust a single cloud supplier without an independent cyber resilience and continuity plan to keep connected and productive during unplanned, and planned, email outages.

The Impacts of Office 365/Azure Outages

Anytime there’s an email outage—or any outage that impacts the productivity of employees—there is potential for massive monetary loss for any company affected.

Without the ability to securely login, knowledge worker employees are unable to do their jobs. The question is if your work email and productivity are dependent on Office 365, how much have these hours of disruption cost you so far?

Learn how you can make your Office 365 environment more cyber resilient here.

Want to stay up to date on the latest industry news and analysis? Subscribe today to Cyber Resilience Insights to get articles like this delivered right to your inbox.