Microsoft’s Multi-Factor Authentication Service Outage Occurs

Multi-Factor Authentication Locks Azure/Office 365 Customers out

On November 19, Microsoft’s Multi-Factor Authentication service outage lasted for 14 hours. Since Microsoft Azure Active Directory and Office 365 users authenticate via this service by using an additional authentication factor rather than their passwords, they were locked out of the service.

In the beginning, Microsoft deployed a hotfix to customers who had trouble logging into their Microsoft Office 365, Azure Active Directory, etc. accounts so as to solve the Multi-Factor Authentication issue.

But this company learned that some users hadn’t received the authentication codes that they should get by SMS or other ways. Later, it discovered this MFA issue was caused by a recent update that aimed at improving the connection to caching services.

And three independent root causes were found when the Azure team investigated the outage, for example, latency issue in the MFA front-end’s communication to its cache services, a race condition in processing responses from the MFA back-end server and the MFA back-end being unable to process any further requests from the front-end.

Microsoft Users Are Locked out Again

Just once a week after the global problem with Microsoft MFA service plagued a few customers, another Multi-Factor Authentication outage is impacting a number of users.

Starting around 9:15 am, U.S. East, a lot of Office 365 customers started reporting on Twitter that MFA problem couldn’t let them sign into that service once again. You know, Office 365 is one of the services using Azure Active Directory MFA to authenticate.

A bit more than two hours after Microsoft discovered the problem, the company updated Azure status dashboard so as to reflect the possibility of a cross-region potential outage affecting MFA.

And this company said on the status dashboard that influenced users may experience failures when they attempt to authenticate into Azure resources where MFA is necessary by policy.

Besides, engineers are investigating the MFA issue and they will provide the next update in 60 minutes or while events occurred. When seeing Microsoft 365 status account on Twitter about 10.38 am, U.S. East, you know all details can be found under Service Incident (SI) #MO165847.

What Is Microsoft Doing?

According to Microsoft, they describe a multi-pronged plan to try to prevent this kind of Multi-Factor Authentication outage from happening. However, some of the required steps may not be finished until January 2019.

From the Azure status page, you know the mitigation measure has started. Currently, engineers are in the process of cycling backend services responsible for processing MFA requests. And the mitigation move is being pushed out region by region and many regions have already finished. After each region completes, engineers will reassess impact.

As the action of mitigation continues, Microsoft say that they have found the cause of this Multi-Factor Authentication issue. Reportedly, a Domain Name System (DNS) issue gives rise to sign-in requests to fail. Now, the issue is mitigatory and they are restating the authentication infrastructure.

As for this MFA outage, officials from Microsoft say on the Azure status page that a full root-cause analysis will be posted in 72 hours.

Final Words

Multi-Factor Authentication outage is one of the most important services that prompt Microsoft to reevaluate its update-deployment procedures.

And Microsoft’s Windows 10, (the company dubbed Windows as a service ), is also plagued by many issues by updates, for example, user documents are wiped, UWP bug, mapped drives broken issue, and so on.

Microsoft should learn the lesson and roll out more stable services to customers.