MFA Lockout For Microsoft & Azure Users Causes Business Disruption
The latest multi-factor authentication (MFA) issue left users of Azure and Microsoft Office 365 unable to login to their accounts on Monday 21st, causing widespread disruption to businesses in Europe, Asia, and some parts of the US.
According to reports by Azure, the root cause was a European-based database, reaching operation threshold with requests from MFA servers. This led to latency and timeouts, and an attempt to re-route traffic through North America caused the extra traffic to block servers.
After lasting from 4.39 am to the evening in the UK, the problem was finally rectified. According to Microsoft reports, services could be resumed after engineers removed the link between the backend service and the Azure Identity MFA service, thereby allowing the impacted servers to catch up with the existing authentication requests.
This was certainly not the first time that disruptive outages had occurred with Azure and Microsoft’s service. For example, a global outage in September this year affected Azure and Office 365 users worldwide after one of Microsoft’s San Antonio-based servers was knocked offline by severe weather. Also, in October, UK Office 365 users endured a 3-day-long outage and had the frustration of having more login prompts appearing after their user credentials had already been entered.
Multi-factor authentication, which works by requiring any two or more verification methods for a login / transaction, such as a randomly generated passcode, a phone call, a smart card (virtual or physical), or a biometric device, is designed to be beneficial to a user and their business because it should provide an extra layer of security for user sign-ins and transactions. Unfortunately, in the case of this most recent outage, MFA cost users rather than helping them.
What Does This Mean For Your Business?
For some companies, the recent outages at Microsoft and Azure are likely to bring into focus the dangers of placing huge operational dependency on one environment i.e. Microsoft, and of trusting a single cloud supplier to keep connected and productive during unplanned (and planned) email outages, especially when you have no independent cyber resilience and continuity plan. In recent months, many businesses will have been counting the productivity costs of sticking to a software-as-a-service monoculture with a company whose service has let them down on several occasions. Unfortunately, the dominance of big tech companies with their familiar Operating Systems and environments, and the fact that most businesses are committed to them with few possible, practical alternatives to choose from, mean that most businesses may simply have to unhappily endure the outages and weigh them up against the benefits and reliability of the environment generally.
For Microsoft, these outages can be damaging to its reputation and can shake the trust of its prized business users.