Good morning! Except if you’re a hosted Microsoft customer who’s locked out of your account right now.
Microsoft’s cloud-based multi-factor authentication services went down across the globe early Monday morning, preventing users who are required to sign in using a second layer of authentication to their account, such as a text message, a push notification on their phone, or a hardware key. You hit the password page, and then you’re stuck — no code, no notification, nothing.
“Affected users may be unable to sign in,” said a notice on Office 365’s service health page, confirming the outage.
More than half a day later, the service is still struggling.
Engineers are actively investigating an ongoing issue affecting Azure Active Directory, when Multi-Factor Authentication is required by policy. Please refer to https://t.co/Dw19fIoS5H for updates.
— Azure Support (@AzureSupport) November 19, 2018
Impacts O365 MFA too. I should point out, it is normally rock solid – I ponder how many orgs will globally turn it off due to this outage.
— Kevin Beaumont (@GossiTheDog) November 19, 2018
At the time of writing, Microsoft said it has deployed a hotfix to get the service up and running again, but will “continue to monitor any updates” for the next couple of hours. “We’ve received reports that users may no longer receive alerts, so we’re analyzing diagnostic logs to understand why,” the company added.
So far, there’s no clear reason for the outage. We’ve reached out to Microsoft for more, and will update when we hear back.
Multi-factor authentication adds a significantly greater layer of protection on an email account than just a password. But, as a crucial mechanism for users to log in, it’s also a single point of failure if the system breaks.
A system so secure that even its users can’t log in. Who knew?