Microsoft Restores Azure Multifactor Authentication Service Yet Again
Microsoft apparently has addressed an Azure multifactor authentication (MFA) service outage for the second time in as many weeks.
Microsoft's Azure Status History page provided a preliminary analysis of the issue, and promised that a full analysis would appear "within 72 hours." The MFA problem, which prevented users from signing into Azure services, lasted from 6:25 a.m. to 9:08 a.m. PST (14:25 to 17:08 UTC) on Nov. 27.
Microsoft is now describing this Nov. 27 issue as being "mitigated." An earlier report by Microsoft's engineering staff had sketched out those mitigation steps as follows:
Engineers are currently in the process of cycling backend services responsible for processing MFA requests. This mitigation step is being rolled out region by region with a number of regions already completed. Engineers are reassessing impact after each region completes. Engineers have also determined a Domain Name System (DNS) issue caused sign-in requests to fail, but this issue is mitigated and engineers are restarting the authentication infrastructure.
The root cause, according to the preliminary analysis, was traced to an earlier DNS issue, which had "resulted in backend infrastructure becoming unhealthy." The exact nature of the DNS problem isn't clear. However, the Nov. 27 MFA outage wasn't the first such service outage to occur this month.
On Nov. 19, Microsoft had described another MFA problem that it later resolved. In this case, Azure Active Directory users in the Americas, Asia and Europe were unable to log in when MFA sign-ins were required as part of policy settings. The Nov. 19 service outage started at 8:39 p.m. and lasted until 10:38 a.m. the next morning (04:39 to 18:38 UTC). In this case, Microsoft's engineers described having problems with "the MFA front server" after a software update had been applied.
The extent of the two outages isn't exactly clear, but the Downdetector.com site, which samples status report data to track service outages, including Twitter complaints, published the following heatmap of the Azure outage:
Microsoft's Azure Status page indicated that "services are operating normally." However, this page doesn't specifically break out MFA as one of the services described.
Both issues were noted earlier by veteran Microsoft reporter Mary Jo Foley.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.