Microsoft Restores Azure Multifactor Authentication Service Yet Again -- Redmondmag.com

Microsoft Restores Azure Multifactor Authentication Service Yet Again

By Kurt Mackie
11/27/2018

Microsoft apparently has addressed an Azure multifactor authentication (MFA) service outage for the second time in as many weeks.

Microsoft's Azure Status History page provided a preliminary analysis of the issue, and promised that a full analysis would appear "within 72 hours." The MFA problem, which prevented users from signing into Azure services, lasted from 6:25 a.m. to 9:08 a.m. PST (14:25 to 17:08 UTC) on Nov. 27.

Microsoft is now describing this Nov. 27 issue as being "mitigated." An earlier report by Microsoft's engineering staff had sketched out those mitigation steps as follows:

Engineers are currently in the process of cycling backend services responsible for processing MFA requests. This mitigation step is being rolled out region by region with a number of regions already completed. Engineers are reassessing impact after each region completes. Engineers have also determined a Domain Name System (DNS) issue caused sign-in requests to fail, but this issue is mitigated and engineers are restarting the authentication infrastructure.

The root cause, according to the preliminary analysis, was traced to an earlier DNS issue, which had "resulted in backend infrastructure becoming unhealthy." The exact nature of the DNS problem isn't clear. However, the Nov. 27 MFA outage wasn't the first such service outage to occur this month.

On Nov. 19, Microsoft had described another MFA problem that it later resolved. In this case, Azure Active Directory users in the Americas, Asia and Europe were unable to log in when MFA sign-ins were required as part of policy settings. The Nov. 19 service outage started at 8:39 p.m. and lasted until 10:38 a.m. the next morning (04:39 to 18:38 UTC). In this case, Microsoft's engineers described having problems with "the MFA front server" after a software update had been applied.

The extent of the two outages isn't exactly clear, but the Downdetector.com site, which samples status report data to track service outages, including Twitter complaints, published the following heatmap of the Azure outage:

**[Click on image for larger view.]** *Heatmap of the Microsoft Azure outage on Nov. 27, 2018 by Downdetector.com.*

Microsoft's Azure Status page indicated that "services are operating normally." However, this page doesn't specifically break out MFA as one of the services described.

Both issues were noted earlier by veteran Microsoft reporter Mary Jo Foley.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.