November 20, 2018

Azure, Office 365 users hit by multi-factor authentication issue

The users were no longer able to receive notifications on their mobile devices as a result of the outage experienced.

Office 365

Microsoft Azure and Office 365 users were not able to sign into their accounts on 19th November 2018 due to a multifactor authentication (MFA) issue that was prominent across Europe, Asia and the Americas. As a result of this issue, users were unable to reset their passwords resulting in a total lockout situation.

A spokesperson for Microsoft stated that a large set of customers were unable to receive any updates or notifications on their cell phones. They also claimed that Microsoft were looking into the issue by going through their diagnostic logs to arrive at the root cause.

Microsoft say that according to their Office status page, the Azure and Office 365 MFA services started getting affected at 4:39 am UTC (Universal Time Coordinated). They noticed that those affected had issues logging into Azure assets like Azure Active Directory when MFA was required.

According to Microsoft Azure engineers, around twelve noon ET (Eastern Time) on 20th Nov 2018, they sent a hotfix to the affected regions but it took time to produce the required results especially across Europe and APAC. They revealed that they have seen a decrease in confirmation mistakes because of the hotfix and also claim that certain subsets of their clientele were not receiving SMS, Call or Push messages for MFA.

The Aure status page noted that their engineers were continuously exploring extra workstreams and potential impact on clients in other Azure regions to completely alleviate this issue.

The tech giant revealed that by 4:30 pm ET, Microsoft users were notified that the MFA issue by all accounts, for the most part, was resolved. Their status page currently says all administrations are now running normally.

This event is reminiscent of ZOHO users facing similar troubles as a result of their website taken down due to phishing violations. Let us hope that both software firms take a lesson from these events and prevent them from recurring again.