We all fall together. Azure MFA takes a tumble for the second week running

Microsoft and the Terrible, Horrible, No Good, Very Bad Day

In a touching show of solidarity with its Exchange Online cousin, Microsoft’s Azure Multi-Factor Authentication (MFA) service has fallen over and is struggling to get back up. Again.

If Microsoft hasn’t developed an AI bot capable of filling its social media orifices with apologies yet, then it is surely only a matter of time before it does so.

A Microsoft engineer, fingers doubtless weary from writing up last week’s fiasco, took to the Azure status page to admit that, yes, as of 14:25 UTC today, MFA was having problems. But it's ok – it's only a “subset” of customers. The Windows giant went on to warn that those who had MFA required by policy might experience intermittent issues signing in to Azure resources.

These resources include Azure Active Directory. Can you hear the admins wailing?

MFA is undoubtedly a good thing, since it forces users to adopt two or more ways of authentication beyond just a password. A phone, dongle or biometrics can come into play as well. Assuming the MFA service is actually running, of course.

The issue, which is worldwide, comes hot on the heels of the publication of a root cause analysis into the incident last week, which saw a trio of failures that led to users being unable to access their beloved Office 365 services.

At the time, Microsoft said it would endeavour to prevent a recurrence of the problem by looking at how it handled testing and updates, and by reviewing ways of containing failures before they kick off.

Hopefully that review didn’t take long, because there is a failure happening right now that sure needs some containment.

In the meantime, some unkind customers have suggested applying the solution that worked last time. You know: turn it off and turn it on again.

We contacted Microsoft to find out what had become of the service and the lessons learned from last week, but have yet to receive a response. ®

Updated to add

According to Microsoft, "After a preliminary investigation, engineers found that an earlier DNS issue triggered a large number of sign-in requests to fail, which resulted in backend infrastructure becoming unhealthy."

And yes, the outage was tackled, and systems restored, after switching equipment off and on again: "After the DNS issue was resolved, engineers then focused on cycling the relevant backend services to resolve the congestion issue. They observed a decrease in the failure rate after the reboot cycles."

A full postmortem will be released in the next few days.
