Microsoft’s Multi-Factor Authentication Failure Impacts Office 365 Users Globally

CISA's Patch by Tonight Emergency Directive

A failure of Microsoft’s multi-factor authentication services has impacted Office 365 business users in the early hours of Monday.

The global outage impacted multifactor authentication services to leave users stranded from being able to use their Office products with the lack of a secondary six-digit code required to log in to their accounts. Fundamentally, users who enabled a second layer of authentication to their account as an added security measure were unable to login via multi-factor credentials dispensed via a text message, hardware key or a push notification.

The outage has affected customers of Office 365 and Azure, Microsoft’s cloud computing service.

“Affected users may be unable to sign in,” a notice on Office 365’s service status page confirmed.

For now, Microsoft has enforced a hotfix to enable services again.

“We’ve received reports that users may no longer receive alerts, so we’re analyzing diagnostic logs to understand why,” the company added, without revealing any reason for the outage.

Multi-factor authentication, sometimes referred to as two-factor authentication (2FA), is widely used as an added layer of protection on an account requiring email credentials beyond a password. It relies on short, expiring alphanumeric or numbered credentials typically delivered via a text message, push alert or a smartphone app for users to enhance their security. Commonly

However, it’s also susceptible for a single point of failure, as Microsoft has discovered.

Speaking to TechCrunch, a spokesperson for Microsoft said:

[W]e’re working to address the delay some customers continue to experience using multi-factor authentication in some regions.

Image credit: Pixabay.