EXECUTIVE SUMMARY:
On Monday, March 15th, Microsoft experienced a 14 hour outage that disrupted functions via the company’s Office, Teams and Dynamics 365 products. Third-party apps that depended on Azure AD identification also went offline. Was this connected to the Exchange server situation? Should IT teams be concerned?
Cloud authentication outage: What really happened?
According to Microsoft’s preliminary reports “an error occurred in the rotation of keys used to support Azure AD’s use of OpenID, and other, identity standard protocols for cryptographic signing operations”.
Microsoft publishes information about signing keys on a routine basis. However, the metadata was altered around roughly 3pm Eastern Time, touching off the outage.
Within two hours, engineers had reverted the system back to its prior state. However, it takes some time for applications to recognize and use new metadata. “A subset of storage resources required an update to invalidate the incorrect entries and force a refresh”.
Why did the cloud authentication outage occur?
According to Microsoft, Azure AD is undergoing significant engineering changes as part of a larger effort to increase protections on the back-end Safe Deployment Process. The Azure AD authentication outage that struck systems in September occurred in conjunction with the same project. A full analysis of this new cloud outage will be published after further investigation.
“We understand how incredibly impactful and unacceptable this is and apologize deeply. We are continuously taking steps to improve the Microsoft Azure Platform and our processes to help ensure such incidents do not occur in the future,” stated Microsoft’s blog.
Despite recent challenges, analysts predict that Microsoft could gain 27% of market share in the cloud computing space within 2021. Its installed user base is expected to grow substantially due to continued distributed working environments.
For more on this story, check out Business Insider.
