After Office 365 business users reported that they were unable to log in to their accounts in the early morning hours of Monday, November 19, Microsoft has acknowledged the issue and applied a fix that’s slowly beginning to restore service to affected users. Microsoft says the issue was caused by a problem related to the company’s multifactor authentication services.
Because Microsoft’s multifactor authentication services went down globally, users were unable to get the secondary six-digit code that is required to log in to their accounts, TechCrunch reported. The codes are typically either sent via text messages, push notifications, or through a hardware key. Microsoft has not disclosed what caused the multifactor authentication system to go offline, as engineers are continuing to investigate the problem. In the meantime, Microsoft has applied a hotfix to remedy the problem, allowing users to slowly regain access to their Office 365 accounts.
Azure users were also impacted by the glitch. “… Asia-Pacific and the Americas regions may experience difficulties signing into Azure resources, such as Azure Active Directory, when multifactor authentication is required by policy,” Microsoft posted on its Azure status update page.
“We’ve applied some additional mitigation actions to implement some relief in the environment and have observed that a subset of authentication requests are completing successfully,” Microsoft stated in an Office 365 status update page. The company noted that the hotfix “took time to propagate across the impacted regions, primarily Europe and Asia-Pacific.”
Most security experts generally recommend that users enable multifactor authentication on their accounts. In addition to requiring a username and password for logging into accounts, multifactor authentication secures an account with an additional piece of information, like a dynamically generated six-digit code that’s only valid for a specific amount of time. This makes it far more difficult for a hacker that has your username and password to log into your account.
When Google rolled outs its security key policy for employees, the company claimed that it greatly reduced phishing attacks and its security exposure. Consumers can secure their online account with two-factor authentication, a hardware-based security key, or a multifactor authentication app, like Microsoft Authenticator or Google Authenticator.