Office365 Multi-Factor Authentication Issues.
As widely used as Microsoft services are, they aren’t immune to technical problems, especially in some functions of Office365 and its cloud e-mail services. A significant number of Office365 users were unable to access their accounts for most of the day on November 19th, and we have found that several others have experienced issues in the couple of weeks following. The problem was a multi-factor authentication issue which hit users worldwide and left them unable to sign in to their services. Obviously, this is a major problem considering the number of business users who rely on the Microsoft cloud.
A subset of users were no longer receiving prompts on their mobile devices for two-factor authentication logins, and there were also delays and crashes on those accounts while already logged in. Of course, this only affects those who have enabled 2FA. The problem is that 2FA has been, and will continue to be, advised as one of the best ways to secure an account from unauthorized access. So when you take this sound advice and enable the security feature, you really don’t want the potentially critical downside of not being able to access your own email.
“Azure and Office 365 MFA services were affected starting at 4:39 am UTC (which was 11:39 pm ET the previous day), according to the Office status page.”
It was reported the same day that Azure engineers deployed a hotfix, but it took some time to take full effect. They also reported seeing a reduction in authentication errors as a result of the fix, though not completely or immediately. Other than being told that Microsoft was working on the issue, customers didn’t hear much more after that, and no mention of the cause was relayed.
A few days later, a new update emerged highlighting the cause of the 2FA issue, which turned out to be a recent update. This update was supposed to “improve connections” to caching services for MFA (multi-factor authentication), but instead introduced an issue which prevented users from being able to sign in at all. The biggest problem here is that it also prevented users from performing self-service password resets or disabling multi-factor authentication unless they did so from an account that didn’t have it enabled.
So, what does all of this mean? Does it mean that Microsoft and Office365 are completely unreliable? Not exactly. What it does mean, however, is that you should explore other two-factor authentication resources as an alternative to Azure.
Duo is a third-party SaaS (software as a service) product that allows you to easily enroll and manage users for two-factor authentication. It has a user self-enrollment method which is easy enough for users to do on their own, but you can also easily manage multiple users from the console. They send updates to user devices, ensuring they always have the latest security patches and features. Duo works as an application installed on your phone, which acts as the secondary authentication to log in to an account.
The service also provides a phishing simulator to assess user risk by identifying vulnerable users and devices within an organization. By allowing you to measure and monitor your company’s risk of getting successfully phished, it gives you the ability to use preventative measures and stop these attacks before they happen by strengthening your weaker links.
It may appear unnecessary on the surface to pay for an additional feature that Microsoft already has available in Office365. However, if it is valuable to a larger organization to have a service whose primary function is multi-factor authentication and which is more dependable, then it should be something to consider.