Last week, Microsoft acknowledged an issue that triggered connectivity issues on its Azure portal. Now, the company has confirmed that the outage was caused by an “anomalous spike” in Azure traffic.
Specifically, Microsoft reported that the incident started at 8:00 A.M PT on June 9. They saw the “We’re working to restore all services as soon as possible” error messages while trying to access the Azure Portal. The problem also affected various other Microsoft services, such as the Entra Admin center and Microsoft Intune. Subsequently, a threat actor Anonymous Sudan claimed a DDoS attack that allegedly targeted Azure services.
In a preliminary post-incident report, Microsoft explained that its telemetry data shows a huge spike in network traffic that caused the recent connectivity issues. The bug prevented hundreds of customers from using the service properly.
Microsoft detailed that its engineers quickly adjusted firewall rules to block the traffic. They also updated traffic throttling rules, added Azure portal server instances, as well as restarted unhealthy Azure portal instances to mitigate the impact of the Azure outage. However, Microsoft didn’t mention the source of the sudden Azure traffic.
“We identified a spike in network traffic which impacted the ability to manage traffic to these sites and resulted in the issues for customers to access these sites,” Microsoft explained. “We engaged in different workstreams applying load balancing processes in addition to the auto-recovery operations in place in order to mitigate the issue. Additionally, we are continuing to monitor the platform health.”
Microsoft confirmed that it’s working to reduce the Azure portal startup time. The company is also taking proactive steps to improve its internal monitoring mechanism. This approach should ensure the stability of the service and prevent similar incidents from happening again. Meanwhile, Microsoft is also investigating the potential involvement of Anonymous Sudan behind the Azure issues.