Microsoft 365 Multifactor Authentication Crash Locks Users Out
Multifactor authentication is a layer of IT security meant to prevent cyberattackers from being able to access your accounts. It does this by sending one-time use codes to users’ phones every time they log in from an unfamiliar device. Therefore, even if an attacker has your password, they will not be able to access your account. Microsoft 365 is a service that uses this security feature.
On November 19th, a malfunction of Microsoft’s Multifactor authentication servers caused real users of the Microsoft 365 Service to be locked out of their own accounts for 14 hours. Affected services included Microsoft 365, Microsoft Azure, Dynamics, and other services that rely on the Azure directory.
The event affected users globally, in the Americas, Europe, and Asia.
In a statement, Microsoft reported that the error was the result of 4 causes. Firstly, Microsoft states that the Multifactor Authentication (MFA) in Azure reached a capacity of users that lagged due to latency problems in its server.
The second cause is a backend process that compounded the issue of the latency experienced by the font-end of the MFA server. Microsoft has stated that these issues have been present since the November 2018 update of the software.
The third cause was the overload of the backend server, when no more requests could be processed by the system. And finally the fourth cause was the delay of identifying the other there causes, which allowed for the problem to escalate.
Microsoft provided a list of strategies that they will employ in light of the event in order to prevent it occurring again.
Firstly, it will more carefully monitor and manage its update cycles to ensure that its server health is always optimal. Further, they will improve their communication procedures with the service health dashboard, to ensure that incidents are reported effectively.
There are many advantages to using MFA, including reliability and ease-of-use. With many attackers now cracking passwords with brute force, our accounts are constantly under attack. With a 5 minute setup time, multifactor authentication is a great way of quickly and effectively securing your account. Despite this incident, MFA is still a staple to your IT security.
Our technicians at GigE can help your organization with any questions or setup that you may need regarding MFA and other tech issues. Contact us at 888 366 4443 now! You can also learn more about our cloud services here.