Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft IT Technology

Multifactor Authentication Issue Hitting North American Azure, Office 365 Users (zdnet.com) 40

A widespread multifactor authentication (MFA) issue is hitting a number of Microsoft customers in North America this morning. From a report: The exact cause of the problem is not clear at the moment, but Microsoft's engineering team says it is working on it. "Customers in North America are experiencing issues with Sign-in when Multi-Factor Authentication is enabled. Engineering team is currently investigating the issue and will send out an update as soon as possible." The Microsoft 365 Status twitter account, as of 10:45 a.m. ET, said: "We're investigating issues where users may be unable to access the admin center when using MFA. We'll provide an update shortly." I've asked Microsoft for an update. No word back so far. Users are reporting they cannot sign into Office 365 or access any of their Office 365 apps and services. Office 365 uses Azure Active Directory for authentication.
This discussion has been archived. No new comments can be posted.

Multifactor Authentication Issue Hitting North American Azure, Office 365 Users

Comments Filter:
  • Trust the cloud (Score:5, Insightful)

    by Malays Boweman ( 5369355 ) on Friday October 18, 2019 @11:17AM (#59322368)
    You need to show that slam dunk presentation in 5 minutes. The cloud will surely be there so you can access your document! /s
    • Your sarcasm is just an indication of your lack of experience with the feature. My MFA is down yet I don't have the slightest problem accessing any of my Azure services or documents since you don't need MFA unless you're accessing from an unknown device.
      And even if the entire cloud were down I probably still wouldn't notice since one of the features of OneDrive is the ability to sync locally. Not even a lack of internet will affect my presentation.

      Now I'm not entirely sure if /s was supposed to imply your p

      • Not to mention MS probably allows you to create single-use tokens for just such an instance as this. Google at least has had that ability for years.
      • one of the features of OneDrive is the ability to sync locally.

        Assuming you remembered to enable that and you kept up the payments.

        • one of the features of OneDrive is the ability to sync locally.

          Assuming you remembered to enable that and you kept up the payments.

          I hate to break it to you but paid services do require you to keep paying.

          • That's the latest trend in Windows, MS Office, and Quicken... all are about done with their innovations, and would rather collect based on time instead of version.

        • Assuming you remembered to enable that and you kept up the payments.

          If you didn't, I'm sure you're not worried about being unable to log into Office 365 to make your presentation.

      • Ya, but with MFA down, now all the bad guys that we pay an annual subscription to protect against (instead of just having a firewall and decent virus scanner on our work machines) can get in and h4x0rz mah docs, amiright?

      • Re:Trust the cloud (Score:4, Interesting)

        by cayenne8 ( 626475 ) on Friday October 18, 2019 @12:43PM (#59322738) Homepage Journal

        Your sarcasm is just an indication of your lack of experience with the feature. My MFA is down yet I don't have the slightest problem accessing any of my Azure services or documents since you don't need MFA unless you're accessing from an unknown device.

        Hmm...you must be a MS cloud employee after reading your repeats of this multiple times on this story.

        But I thought that was supposed to be one of the few reasons WHY you'd want to sue Office on the cloud, so that you didn't have to worry about what device you were using?

        I know plenty of presentation rooms that have a common laptop there, all hooked up the the presentation podium.....and well, if you can't get to your PP from this, you're SOL.

        Seriously, if you didn't have everything stored on the cloud and all, you'e have copies of this on USB or whatever and not have to worry about this.

        SAS may have some places, but man, when shit live this hits, I have a hard time figuring how it is better.

        And from my experiences with Azure...well, it ain't all good. When it works its ok...but it doesn't, well, they never give reasons, only excuses and silence.

        • Hmm...you must be a MS cloud employee after reading your repeats of this multiple times on this story.

          What the fuck? Knowing how the product I use at work works suddenly makes me a vendor employee? Are you a Google employee because you're using Chrome? A Ford employee because you know how to drive?

          But I thought that was supposed to be one of the few reasons WHY you'd want to sue Office on the cloud, so that you didn't have to worry about what device you were using? I know plenty of presentation rooms that have a common laptop there, all hooked up the the presentation podium.....and well, if you can't get to your PP from this, you're SOL.

          Precisely but OP postulated making some slam dunk presentation, implying that he almost definitely either is using his work PC (which would have previously been authorised), his personal PC (likely previously authorised), an office PC (almost certainly whitelisted by even the most incompetent of IT staff), or have

          • When it works its ok...but it doesn't, well, they never give reasons, only excuses and silence.

            A problem caused either by yourself or completely incompetent IT people at your work.

            Are you claiming no competent IT organization has ever had a problem with any SaaS offering? Or just that no competent IT organization has ever had a problem with any Microsoft SaaS offering? I mean, both of those are demonstrably untrue, but I'm deeply curious just how far this delusion of 100% availability of cloud services goes.

            • Are you claiming no competent IT organization has ever had a problem with any SaaS offering?

              No, but thanks for the strawman argument. Now back to what I was actually saying: If a company has a competent IT staff the number of people who were affected by this MFA outage should be countable on one hand since in practice people rarely hit an MFA challenge.

              • Ignore for a moment that the push for MFA for the past three years or more has focused on "Enforce MFA", and "MFA is the only way to be secure". Ignore that best practice is to enforce MFA. Ignore that the statement about "never needing to use a second factor code" is just blatantly untrue (we enforce MFA because we have customer data in the cloud, and every new session to Office 365, the Office portal, Azure portals, PowerShell, Exchange Admin Center, etc requires MFA at that point or "recently"). Ignore t

          • No, I speak from all too intimate experience with Azure in the recent past.
            • Interesting, because you seem to not know much about Microsoft MFA service which is being discussed here. Side note, after a bit of Googling based on a reply from someone else I learnt that Active Directory servers can issue MFA tokens as a fallback when the service is unavailable, meaning that businesses should have hummed right through this outage. You make me scared for the employees where you work if you've had such "intimate experience" with Azure.

          • When you add multiple layers, especially that requires paid cloud access, there is always a chance something will go horribly wrong. The fact tnat you have not had problems so far means that you are lucky. The way it should work is that the files are all stored locally with no need for auth tokens or any internet connection to access them. If the documents are secure, the decryption/unlocking shound be entirely local. Even if you haven't paid up, you should still be able to have full access your local docu
      • Your sarcasm is just an indication of your lack of experience with the feature.

        Or their particular organization's configuration. Some places require more security and thus prompt more frequently for MFA for various services/applications, even from known devices.

        My MFA is down yet I don't have the slightest problem accessing any of my Azure services or documents

        I've had helpdesk people like you. "Works fine for me!" *close ticket*

    • But, trust the IT departmen when it recommaneds Microsoft and the cloud, since it is full of PhDs who have spend years evaluating and discussing the options available in order to provide the best options for their clients, and it most definitiely not staffed by a bunch of goons with MS certificates.

    • Office 365 can use Azure Active Directory for authentication. FTFY
      • You mean Office 321 of course ... or is it Office 244. I've lost count.

      • That's not what's down. They lost the SMS bridge that sends out Two-Factor Auth codes... so anybody who didn't bring their cookie or is using a new install couldn't get it to work.

        • There are idiots that use SMS for 2 Factor Identification? What a bunch of nimrods. They deserve whatever befalls them.

    • just for the presentation DCL add on!

    • by Dunbal ( 464142 ) *
      Yes, this is what you pay your monthly rent to the cloud for - so that you can have access except when you don't have access. But it sure beats having your office suite on a hard drive where you can load it whenever you want... What's that? Responsibility? Damages? Did you even read your EULA?
    • Comment removed based on user account deletion
  • by Rakhar ( 2731433 ) on Friday October 18, 2019 @11:19AM (#59322374)

    Fuck live service bullshit. You often pay more money for the joy of being fucked over. But hey, at least they stopped some single digit percentage of pirates, right?

    • Not sure what you're talking about. MFA on Azure triggers rarely unless you are accessing the service from an unknown device (good luck accessing *your* document on another PC without a cloud, and if you have it on USB what are you complaining about).

      • You're a fanboi. We get it.

        • You're a fanboi. We get it.

          No I'm a user just pointing out the stupidity and ignorance from everyone going "derp derp MS bad derp, Cloud bad because I can't RTFM derp derp"

          • by Rakhar ( 2731433 )

            I don't give a shit about MS. The live service shit is in so many software markets now. The fuck does RTFM have to do with wondering why the fuck people suddenly think running software and storing data on other people's computers is a good idea? I get corporate use, but why would anyone think it's the best default option for home users?

      • by Rakhar ( 2731433 )

        I'm complaining about the shift to everything as a service, programs streaming from "the cloud" (buzz speak for "someone else's computer"), and subscriptions for everything.

        For most customers the end result is paying more money and having less control. For some products that doesn't mean very much. For others it means a great deal.

    • But hey, at least they stopped some single digit percentage of pirates, right?

      Nope. Cloud services make sure customers make payments on Microsoft's schedule, not only when they need to upgrade.

      They actually doubled their profits on Office with this crap.

      (...and yes, it's coming to the OS, too).

      • (...and yes, it's coming to the OS, too).

        Isn't it funny how we went from - dummy terminals - to - PCs at every desk - to - smart/dummy terminals?

  • Service has been restored for our tenant.
  • I find Office 347's lack of reliability rather annoying. Fortunately, didn't seem to affect anyone who was already logged in.
  • by forkfail ( 228161 ) on Friday October 18, 2019 @12:29PM (#59322648)

    Not much else to say.

  • When I was working in 2003, somebody on the inside installed Azure on one of our servers and filed himself as the owner, when it really was in the office data room and owned by the company. We had quite the hassle getting that turned off...

    To put it bluntly, this isn't a reliable cloud like the others, it's a network of MS customers selling their unused bandwidth as if their office-links were P2P.

No spitting on the Bus! Thank you, The Mgt.

Working...