Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Cloud IT Technology

Microsoft's Multi-Factor Authentication Service Goes Down For Second Week in a Row (zdnet.com) 101

Just over a week after a global problem with its multi-factor authentication (MFA) service plagued a number of users, another Microsoft MFA outage is impacting a number of customers. Many, but not all, of the customers reporting problems today seem to be U.S.-based. From a report: Starting around 9:15 a.m. ET, a number of Office 365 customers began reporting on Twitter that they were unable to sign into that service because of an MFA issue. Office 365 is one of a number of Microsoft services that uses Azure Active Directory MFA to authenticate. Around 10:15 a.m. ET, Microsoft's Azure status dashboard was updated to reflect the possibility of a cross-region potential outage impacting MFA. "Impacted customers may experience failures when attempting to authenticate into Azure resources where MFA is required by policy. Engineers are investigating the issue and the next update will be provided in 60 minutes or as events warrant," the dashboard status said.
This discussion has been archived. No new comments can be posted.

Microsoft's Multi-Factor Authentication Service Goes Down For Second Week in a Row

Comments Filter:
  • by Geoffrey.landis ( 926948 ) on Tuesday November 27, 2018 @01:18PM (#57709454) Homepage

    Yes: this is what happens when you don't own your software, you just "license" the use of it.

    • by phantomfive ( 622387 ) on Tuesday November 27, 2018 @01:29PM (#57709578) Journal
      It also seems to be something Microsoft does fairly regularly. They have a history of catastrophic failure of services. If they manage to get this one back up, it won't be their worst disaster.

      Remember not to trust the cloud: have backups because your stuff might be lost.
      • Remember not to trust the cloud: have backups because your stuff might be lost.

        Are you sure? I thought the onedrive EULA made the content MS's property, so if it's lost, it wasn't yours to loose..

      • What do you consider their worst disaster to be?
      • by antdude ( 79039 )

        "Trust no one." --The X-Files

    • You plan on running your own 2 factor authentication token system? Good luck keeping it up 100% of the time for 100% of your users across the globe.

      Maintaining user authentication systems is pretty challenging. Keeping credentials maintained across phones, tablets, PCs, back end services and internal servers is not a simple service to maintain in house.

      How do you propose you "Own" a service which gives you single sign on authentication across your internal network, remote web services and offers 2 factor

      • You plan on running your own 2 factor authentication token system? Good luck keeping it up 100% of the time for 100% of your users across the globe.

        I'm not sure why I should need two factor authentication to run my word processor.

        You do know that this is what we're talking about, right? Office 365. Which most people use as a word processor.

        • No, it is Azure. Office 365 is just one of the services (presumably) deployed there. The outage affected systems from other organizations and people as well.

          • No, it is Azure. Office 365 is just one of the services (presumably) deployed there.

            Yes, "presumably". Specifically, the summary we are talking about [slashdot.org] starts "Starting around 9:15 a.m. ET, a number of Office 365 customers began reporting on Twitter that they were unable to sign into that service "

            The outage affected systems from other organizations and people as well.

            Sure.

    • by ilsaloving ( 1534307 ) on Tuesday November 27, 2018 @04:41PM (#57711116)

      Rolling your own MFA would be a nightmare, considering how tightly the security needs to be controlled, so while what the parent says is true, sometimes it's just not practical.

      That means if you need to outsource to a vendor, that vendor has to be rock solid. Microsoft has a demonstrable track record of *not* being able to keep their infrastructure up, so I'm honestly dumbfounded that anybody would use their software willingly. Office365 is one thing because you really don't have a choice, and you can at least run the local version (unless Microsoft breaks the big brother functionality) but I would *never* trust mission-critical infrastructure to be managed by Microsoft.

  • by mcmonkey ( 96054 ) on Tuesday November 27, 2018 @01:22PM (#57709474) Homepage

    Locally installed applications are not exposed to this mode of failure. This story is about as interesting as people who complain about breakfast hours at restaurants. Cook your own breakfast any time of day.

    Cue Airplane "They bought their tickets. They knew what they were getting in to. I say, let 'em crash."

    • Locally installed applications are not exposed to this mode of failure. This story is about as interesting as people who complain about breakfast hours at restaurants. Cook your own breakfast any time of day.

      Show me the locally installed Multi-Factor Authentication solution that doesn't have any cloud component.

    • This story is about as interesting as people who complain about breakfast hours at restaurants. Cook your own breakfast any time of day.

      To take my very real life into your analogy I can't. I live in a Hotel. I am at the mercy of the breakfast hours of restaurants. I actively tell people at work not to book meetings at 7am with me as a result.

      Likewise MFA isn't just about accessing Word or Outlook. MFA from Microsoft can be deployed as the SSO option for an entire corporate infrastructure. If MFA is down and I type my domain password in incorrectly, I'm shitouttaluck as I need to pass the MFA to use our password reset facilities at work. Lik

  • by MobyDisk ( 75490 )

    Oh... THAT is what the "MF" in "MFA" stands for! I thought it was something else!

  • by Pikoro ( 844299 ) <init@in i t . sh> on Tuesday November 27, 2018 @01:23PM (#57709490) Homepage Journal

    "Engineers are currently in the process of cycling backend services responsible for processing MFA requests."

    So, they're turning it off and back on again.

    • The Windows support guy said I really should power cycle twice a day, or at least once per day.

      But I told him I don't even own a bike.
    • by Tablizer ( 95088 )

      So, they're turning it off and back on again.

      They need equipment to simplify the process. [www.mrk.cz]

    • "Engineers are currently in the process of cycling backend services responsible for processing MFA requests."

      So, they're turning it off and back on again.

      Exactly. And they're been staring at this for the last 90 minutes:
      "Windows is installing updates. Please do not power off or unplug your machine".

  • by Crashmarik ( 635988 ) on Tuesday November 27, 2018 @01:25PM (#57709512)

    Die Like Lemmings

    You have critical applications they have no business being in the cloud. Especially not someone else's cloud.

    • Microsoft's MFA isn't just about accessing Microsoft's Cloud. They also form the basis of SSO solutions that can be deployed in corporate and personal infrastructure.

  • If no one can log in with MFA, no one can be hacked, can they?

  • Broken either way (Score:5, Insightful)

    by SirAstral ( 1349985 ) on Tuesday November 27, 2018 @02:02PM (#57709824)

    Choose how you want to run IT.

    If you think you can run to the cloud and get better service you are mistaken. Like playing musical chairs you only move the problems and goal posts around.

    There is no end to Management willing to pay through the nose for the promise of "Cloud" and following the advice of the providers along the way with little question, but when you have to build it on-prem you have to justify every blithering dollar you ask to spend and then have to face them trying to screw up your project plans with scope creep and "know-it-all" management interference and second guessing junior idiots.

    In short, your shit is going offline... you want that reduced? Find quality IT pros and fucking pay them what they are worth and stop promoting high quality pro's to justify giving them a higher salary. If you need too... pay a helpdesk worker that gets their fucking shit done twice what you pay the others. It's that simple and stay the fuck out of their way... they are the professionals... not the fucking management. Managements ONLY job should be to make sure that money is wisely spent by make sure the teams are aware of talent and licenses product are not unnecessarily duplicated and that the nerds or silo managers are not busy fighting like children over stupid shit between themselves or other teams. Those are two huge problems but get very little attention in many businesses.

    • Re:Broken either way (Score:4, Interesting)

      by im_thatoneguy ( 819432 ) on Tuesday November 27, 2018 @03:47PM (#57710646)

      You're going to provide me a nice storage service on-prem that I can access on an iPhone or Android device with conflict resolution and live cooperative editing between say 10 collaborators? And this service is going to manage sync conflicts? And this service is going to scale instantly? And it'll have a single sign on portal so that I can access said collaborative data share? And when I need to share that data with someone outside of the organization you're going to maintain the registration and securities permission of sharing said document? Also is your data service going to OCR and scan all photos in a project folder? Are you going to let me have federated search on my phone to search the contents of documents on my phone quickly while on a public wifi?

      • by Anonymous Coward

        You share a file with email. It does the same thing (collaborating) as all that fancy crap and you can still search through emails

        • Emailing is a very limited way of doing collaboration, it spreads more copies of the same data around in multiple different versions. People can't work on the same specific document at the same time, if you edit it and I edit it then we have to manually recombine our changes. How do you then make sure everyone else is looking at the most recent version, email it again? Manual version control? All technically possible to achieve, but not in a way that's particularly efficient.

          Ideally you want one version of

      • This! I'm surprised here on a nerd news site that many commentators don't know that "Cloud" is more than "opening Excel in a browser and storing files".

      • OOoooo. That sounds so technically difficult. Scarrrrrrrrrryyyyyyy.

        LOL None of those things are "hard". It could be difficult to be put them all together, but I doubt it. It also depends on how far you need to scale. For millions, it would take much more time. For thousands, this could be architected within a month and rolled out with full QA checks in 4 months.

        The only issue is that there are not enough knowledgeable people to architect this solution individually at hundreds of thousands of disparate locat

    • by Tablizer ( 95088 )

      If you think you can run to the cloud and get better service you are mistaken.

      I believe on average it will be better. Local installations are often duck wire and chicken tape in my observation. Cloud problems just get more press similar to how jet crashes get more coverage than car crashes despite cars being more dangerous per mile traveled.

    • The problem is the people who decide to move to cloud aren't in IT. They are in accounting.

      They tell IT to lay people off so the CFO can get his bonus for being smart. Then blame the IT department when MFA breaks and not hold the CFO and his accountants responsible as they saved the organization money so fsck off etc.

  • Which is not a bad thing, in a world of constant change. In addition, if you get Microsoft products, you know what to expect.
    • This is well said... I love Microsoft because they are guaranteed to break... this is job security for me. I wish I had a dime for every time I had to say... "told you so". And despite that they never listen. They always think my requests to add backups or redundancy are too expensive and pie in the sky jackassery, but boy do they pucker the fuck up when they are losing phat stacks of cash during down time and spitting in my face every 5 minutes asking for updates while I am in the middle of analyzing lo

    • if you get Microsoft products, you know what to expect.

      We have a massive service unavailability, but hey, we expected it!

  • About every 12 to 18 months, the owner of the company I work for will come to me about moving 'everything' to the cloud. I always say the same thing, "Maybe we could move {a few non-essential things} and see how that goes, but I wouldn't trust moving {anything we rely on}".

    This article and many others like it are the reason I will keep saying this.

    • About every 12 to 18 months, the owner of the company I work for will come to me about moving 'everything' to the cloud. I always say the same thing, "Maybe we could move {a few non-essential things} and see how that goes, but I wouldn't trust moving {anything we rely on}".

      This article and many others like it are the reason I will keep saying this.

      I would keep my resume updated. When an owner looks to moving to the cloud it means they want to outsource and eliminate most if not all of IT to save money.

      The cloud really is about cutting costs. Not providing benefits and having MBA types circumvent IT by administering it themselves are the reason. Slashdot had an older article when cloud was new was the majority of organizations wanted the cloud to circumvent IT and do shadow IT stuff with an outousrced cloud partner.

      Even if your job is secure you are u

  • My workplace uses MSA for our VPN (which you have to be on for admin access to the servers). I'm starting to miss the RSA SecurID fobs we used to have.

  • by the_skywise ( 189793 ) on Tuesday November 27, 2018 @03:31PM (#57710516)

    cross-region potential outage impacting MFA

    The whole point of being in the cloud is so if one region goes down you can switch over/fallback to the other region's servers to maintain uptime!!!

  • To all you ops guys who think no one can run infra as well as you:

    Please stop the I told you so crap. For every one of you power-wizards, there are 100 fallible ops guys sitting in other chairs. Trust me, I've worked with a bunch of them over the last 40 years. Cloud platforms have outages a lot less than all the custom shops I've worked in, and I've worked in both big and small. Sure, Microsoft's outages are bigger and affect more people, but any particular company has only so much stuff that gets impa

  • ... from accessing a host of internal applications at the company I was contracting with last Spring. And the internally-written authentication application was being slowly phased out and more internal applications were being migrated over to use the Microsoft application. By now, I expect that most, if not all, of those employee services were nicely locked down by Microsoft. One of these days, managers (and bean counters) will learn what is meant by "single point of failure".

  • Safety ? you don't need THAT feature !

Make sure your code does nothing gracefully.

Working...