Microsoft Confirms DDoS Attack Behind Latest Microsoft 365 and Azure Outage

Key Takeaways:

• Microsoft Azure experienced a major outage caused by a distributed denial-of-service (DDoS) attack, affecting several key services for nearly 10 hours.
• Impacted services included Microsoft 365 admin center, Entra, Intune, Power BI, and Power Platform.
• Microsoft’s initial defense mechanisms against the DDoS attack inadvertently amplified its impact, leading to significant disruptions during the Azure outage.

Microsoft announced yesterday that its Azure cloud services experienced another major outage. The company confirmed that this widespread disruption was caused by a distributed denial-of-service (DDoS) attack, resulting in the latest Azure outage.

According to Microsoft, customers began reporting issues around 5 AM PST, stating they couldn’t access several Microsoft 365 and Azure services. The company noted on its Azure Service status page that users may experience latency while performing actions or operations on the affected services.

This major Azure outage, which lasted nearly 10 hours, impacted the Microsoft 365 admin center, Entra, Intune, Power BI, and Power Platform. However, Microsoft clarified that some services, including Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for Business, were not affected.

What caused the Microsoft 365 and Azure outage?

Microsoft announced this morning that the recent Azure outage was initially caused by a distributed denial-of-service (DDoS) attack. A DDoS attack disrupts a server, service, or network by overwhelming it with excessive Internet traffic. Microsoft noticed a sudden spike in usage, which caused their Azure Front Door and Azure Content Delivery Network (CDN) services to underperform, leading to errors, timeouts, and delays for users.

It’s important to note that most companies have built-in mechanisms to protect against DDoS attacks. “While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack… initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it,” Microsoft explained, shedding more light on the Azure outage impact.

Last week, a faulty update for CrowdStrike’s Falcon Sensor security platform caused a global outage affecting millions of Windows PCs worldwide. This disruption affected payment systems, flight tracking, and other critical infrastructure. In response, Microsoft plans to bolster Windows security and resilience by limiting kernel-level access for third-party security solutions.

FAQs

How frequently do Azure outages occur on average?

Azure outages typically occur 2-3 times per year, with major service disruptions lasting more than 4 hours happening approximately once annually. Microsoft’s Azure platform maintains a 99.99% uptime commitment despite these occasional outages.

What preventive measures can businesses take to minimize impact during an Azure outage?

To protect against Azure outages, businesses should implement multi-region deployments, maintain backup cloud providers, utilize Azure’s built-in redundancy features, develop comprehensive disaster recovery plans, and regularly test failover procedures.

How does an Azure outage impact cryptocurrency and blockchain operations?

During an Azure outage, cryptocurrency exchanges and blockchain applications hosted on the platform may experience transaction delays, smart contract execution issues, and mining disruptions. This can lead to temporary market volatility and delayed settlements.

What compensation does Microsoft offer for businesses affected by Azure outages?

Microsoft provides service credits based on their Service Level Agreement (SLA) when Azure outages exceed specified durations. The compensation typically ranges from 10% to 100% of the affected service’s monthly fees depending on the outage severity.

How do Azure outages compare to other major cloud providers’ downtimes?

Azure outages are generally comparable to other major providers, with industry data showing similar frequency and duration patterns across AWS and Google Cloud Platform. However, Azure has demonstrated faster average recovery times during major outages in recent years.