2FA Login Failure in Office 365 and Azure
According to tweets from Microsoft, the company is investigating reports that Azure and Office 365 are again suffering issues that are leaving users unable to login using multifactor authentication (MFA). When users enter their login credentials and are sent an SMS with a two-factor authentication (2FA) code, the screen does not advance for the user to enter the code, according to a Reddit discussion.
Azure Support also tweeted, “Engineers are actively investigating an ongoing issue affecting Azure Active Directory, when Multi-Factor Authentication is required by policy.”
News of the issue comes less than a month after a reported login problem that left many admins and users unable to access their accounts for several hours. This latest issue is affecting global users, including people from Norway, Australia and the United States expressing frustrations via social media sites.
The most recent status update from Azure as of publication time stated: “Starting at 04:39 UTC on 19 Nov 2018 customers in Europe and Asia-Pacific regions may experience difficulties signing into Azure resources, such as Azure Active Directory, when Multi-Factor Authentication is required by policy.
“Engineers have deployed the hotfix which eliminated a connection between Azure Identity Multi-Factor Authentication Service and a backend service. The deployment of this Hotfix took some time to take effect across the impacted regions. We are seeing a reduction in errors, and customers may be seeing signs of recovery and authentications are succeeding.”
Since the hotfix has been deployed, engineers are continuing to monitor the ongoing performance and will provide updates as necessary.
“Another day, another Office 365 disruption, and another nuisance for admins and employees alike. With less than a month between disruptions, incidents like today’s Azure multifactor authentication issue pose serious productivity risks for those sticking to a software-as-a-service monoculture,” said Pete Banham, cyber resilience expert at Mimecast.
“With huge operational dependency on the Microsoft environment, no organisation should trust a single cloud supplier without an independent cyber resilience-and-continuity plan to keep connected and productive during unplanned, and planned, email outages. Every minute of an email outage could costs businesses hundreds and thousands of pounds. Without the ability to securely log in, knowledge worker employees are unable to do their jobs. The question is if your work email and productivity are dependent on Office 365, how much have these hours of disruption cost you so far?”
Source: Information Security Magazine