Just over a week after a global problem with its multi-factor authentication (MFA) service plagued a number of users, another Microsoft MFA outage is impacting a number of customers. Many, but not all, of the customers reporting problems today seem to be U.S.-based.
Starting around 9:15 a.m. ET, a number of Office 365 customers began reporting on Twitter that they were unable to sign into that service because of an MFA issue. Office 365 is one of a number of Microsoft services that uses Azure Active Directory MFA to authenticate.
Around 10:15 a.m. ET, Microsoft’s Azure status dashboard was updated to reflect the possibility of a cross-region potential outage impacting MFA.
“Impacted customers may experience failures when attempting to authenticate into Azure resources where MFA is required by policy. Engineers are investigating the issue and the next update will be provided in 60 minutes or as events warrant,” the dashboard status said.
The Microsoft 365 Status account on Twitter noted around 10:38 a.m. ET:
“We’re investigating an issue where users may be unable to sign in using Multi-Factor Authorization (MFA). All details can be found under Service Incident (SI) #MO165847.”
For 14 hours on November 19, Microsoft’s MFA services went down for many Microsoft customers.
Microsoft’s Azure team recently went public with the root cause it discovered when investigating the outage. Microsoft unearthed three independent root causes, along with monitoring gaps that resulted in Azure, Office 365, Dynamics and other Microsoft users not being able to authenticate for much of that day. Microsoft officials described a multi-pronged plan to try to keep this kind of outage from happening, but said some of the required steps might not be completed until January 2019.
Update (11:40 a.m. ET): The mitigation has begun. From the Azure status page:
“CURRENT MITIGATION: Engineers are currently in the process of cycling backend services responsible for processing MFA requests. This mitigation step is being rolled out region by region with a number of regions already completed. Engineers are reassessing impact after each region completes.”
Update (12:25 pm ET): As the mitigation continues, Microsoft engineers say they’ve identified the cause of today’s issue. From the Azure status page:
“Engineers have also determined a Domain Name System (DNS) issue caused sign-in requests to fail, but this issue is mitigated and engineers are restarting the authentication infrastructure.”
On the Azure status page, Microsoft officials say a full root-cause analysis of today’s outage will be posted within 72 hours.