Microsoft's multi-factor authentication service flakes out again

Microsoft has announced another outage of its multi-factor authentication service (Image antorti / iStockPhoto)

Just one day after Microsoft came clean with an explanation of a November 19 outage that blocked users of Office 365 from logging into their accounts using Multi-Factor Authentication (MFA), today the service again went on the fritz.

"Starting at 14:25 UTC on 27 Nov 2018, customers using Multi-Factor Authentication (MFA) may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when MFA is required by policy," read the Azure status dashboard. Two and a half hours later, the dashboard reported that after resolving a problem with an earlier DNS (Domain Name Service) issue, engineers rebooted the services. "They observed a decrease in the failure rate after the reboot cycles," the dashboard concluded.

The latest MFA problem came the day after Microsoft described last week's 14-hour failure in an after action-style report posted to the Azure dashboard. In a long report - over 1,150 words - Microsoft identified three root causes, detailed the failures and steps engineers took to recover the service, and spelled out steps it plans to take over the next two-plus months to review and update its processes and procedures.

"We sincerely apologize for the impact to affected customers," Microsoft said near the report's end.

Calling the pair of outages "troubling," analyst Wes Miller of Directions on Microsoft pointed out that a service like Azure Active Directory and its MFA "has to be designed to be incredibly robust."

He was encouraged, he continued, by the after-action report's tone.

"My hope is that the [Azure] team has the right perspective. It looks like they do," he said of the outlined steps to reevaluate service update deployments and find ways to restore service faster. Engineers won't rush to judge the problem and propose a fix, Miller said, one way to easily make things worse. And unlike the Windows 10 group, the Azure team has been forthcoming about causes and reactions.

Microsoft promised that an accounting of Tuesday's outage would be posted on the Azure dashboard within 72 hours.

Computerworld (US)


Suggested Articles

Citibank has plead guilty to violating the Personal Data Privacy Ordinance by failing to comply with a direct marketing opt-out request

Hong Kong organizations name employee mistakes as their top data security threat, but have been slower to adopt encryption than their global peers

Dell says AI is amongst the top spending priorities for business leaders in the APJ region