Microsoft's Multi-Factor Authentication Service Goes Down For Second Week in a Row (zdnet.com)
Just over a week after a global problem with its multi-factor authentication (MFA) service plagued a number of users, another Microsoft MFA outage is impacting a number of customers. Many, but not all, of the customers reporting problems today seem to be U.S.-based. From a report: Starting around 9:15 a.m. ET, a number of Office 365 customers began reporting on Twitter that they were unable to sign into that service because of an MFA issue. Office 365 is one of a number of Microsoft services that uses Azure Active Directory MFA to authenticate. Around 10:15 a.m. ET, Microsoft's Azure status dashboard was updated to reflect the possibility of a cross-region potential outage impacting MFA. "Impacted customers may experience failures when attempting to authenticate into Azure resources where MFA is required by policy. Engineers are investigating the issue and the next update will be provided in 60 minutes or as events warrant," the dashboard status said.
You don't own your software (Score:3)
Yes: this is what happens when you don't own your software, you just "license" the use of it.
Re:You don't own your software (Score:5, Insightful)
Cloud is just a server run by someone else.
Re: (Score:2)
Exactly. Which is why companies that own fleets of vehicles as part of their business tend to have in-house maintenance for those vehicles.
Re: (Score:3)
Cool, saying "I had to take my car to the shop" makes me sound incompetent and incapable of fixing anything.
Now, I can say "My car's going into the auto cloud", and I'm cool again!
Re: (Score:2)
An airplane is just a car that has wings.
Cloud is much more than a "server run by someone else", it's also "a server that you can lease by the second" and that's a huge shift in how you can look at your infrastructure. Need more database capacity? You don't need to plan ahead days or months and do a cost/benefit projection on whether or not you'll still need that capacity in 6 months, you can add another shard in a couple minutes and stop paying for it just as quickly when demand drops.
You could run a 'pr
Re: (Score:2)
And the grid is just a generator run by someone else.
Do you also have a generator in your house and office?
Re: (Score:2)
Cloud is just a server run by someone else.
Someone who is usually much better at running that server than most people.
Re:You don't own your software (Score:5, Informative)
Remember not to trust the cloud: have backups because your stuff might be lost.
Re: (Score:2)
Remember not to trust the cloud: have backups because your stuff might be lost.
Are you sure? I thought the OneDrive EULA made the content MS's property, so if it's lost, it wasn't yours to lose..
Re: (Score:2)
What native multi-factor authentication? MSA provides your one time code in their setup. No MSA, no one-time code, no two factor authentication. To continue on, you'd have to be distributing something else and be set up to use it as fall-back (or else be prepared to turn off 2FA entirely), in which case you have to ask why you're bothering with MSA at all.
Re: (Score:2)
"Trust no one." --The X-Files
Re: (Score:3)
You plan on running your own 2 factor authentication token system? Good luck keeping it up 100% of the time for 100% of your users across the globe.
Maintaining user authentication systems is pretty challenging. Keeping credentials maintained across phones, tablets, PCs, back end services and internal servers is not a simple service to maintain in house.
How do you propose you "Own" a service which gives you single sign on authentication across your internal network, remote web services and offers 2 factor
Re: (Score:2)
You plan on running your own 2 factor authentication token system? Good luck keeping it up 100% of the time for 100% of your users across the globe.
I'm not sure why I should need two factor authentication to run my word processor.
You do know that this is what we're talking about, right? Office 365. Which most people use as a word processor.
Re: (Score:2)
No, it is Azure. Office 365 is just one of the services (presumably) deployed there. The outage affected systems from other organizations and people as well.
Re: (Score:2)
No, it is Azure. Office 365 is just one of the services (presumably) deployed there.
Yes, "presumably". Specifically, the summary we are talking about [slashdot.org] starts "Starting around 9:15 a.m. ET, a number of Office 365 customers began reporting on Twitter that they were unable to sign into that service"
The outage affected systems from other organizations and people as well.
Sure.
Re:You don't own your software (Score:4, Insightful)
Rolling your own MFA would be a nightmare, considering how tightly the security needs to be controlled, so while what the parent says is true, sometimes it's just not practical.
That means if you need to outsource to a vendor, that vendor has to be rock solid. Microsoft has a demonstrable track record of *not* being able to keep their infrastructure up, so I'm honestly dumbfounded that anybody would use their software willingly. Office365 is one thing because you really don't have a choice, and you can at least run the local version (unless Microsoft breaks the big brother functionality) but I would *never* trust mission-critical infrastructure to be managed by Microsoft.
Re: (Score:2)
That's what momentum gets you, and why Microsoft can charge whatever they want and people have to pay (or pirate). I'm sure there are plenty of IT departments that would *love* to get away from Office. But even if they want to, they can't because staff insist on using it, and supporting multiple suites of tools is just not realistic when you have a large userbase.
A particular movie quote comes to mind. (Score:3)
Locally installed applications are not exposed to this mode of failure. This story is about as interesting as people who complain about breakfast hours at restaurants. Cook your own breakfast any time of day.
Cue Airplane "They bought their tickets. They knew what they were getting in to. I say, let 'em crash."
Re: (Score:3)
Locally installed applications are not exposed to this mode of failure. This story is about as interesting as people who complain about breakfast hours at restaurants. Cook your own breakfast any time of day.
Show me the locally installed Multi-Factor Authentication solution that doesn't have any cloud component.
Re: (Score:2)
This story is about as interesting as people who complain about breakfast hours at restaurants. Cook your own breakfast any time of day.
To take my very real life into your analogy I can't. I live in a Hotel. I am at the mercy of the breakfast hours of restaurants. I actively tell people at work not to book meetings at 7am with me as a result.
Likewise MFA isn't just about accessing Word or Outlook. MFA from Microsoft can be deployed as the SSO option for an entire corporate infrastructure. If MFA is down and I type my domain password in incorrectly, I'm shitouttaluck as I need to pass the MFA to use our password reset facilities at work. Lik
MFA (Score:2)
Oh... THAT is what the "MF" in "MFA" stands for! I thought it was something else!
Looks like they tried it (Score:5, Funny)
"Engineers are currently in the process of cycling backend services responsible for processing MFA requests."
So, they're turning it off and back on again.
Re: (Score:3)
So, they're going to re-install it?
Re: (Score:2)
But I told him I don't even own a bike.
Re: (Score:1)
They need equipment to simplify the process. [www.mrk.cz]
Re: (Score:3)
"Engineers are currently in the process of cycling backend services responsible for processing MFA requests."
So, they're turning it off and back on again.
Exactly. And they've been staring at this for the last 90 minutes:
"Windows is installing updates. Please do not power off or unplug your machine".
Live Like Lemmings (Score:3)
Die Like Lemmings
You have critical applications they have no business being in the cloud. Especially not someone else's cloud.
Re: (Score:2)
Microsoft's MFA isn't just about accessing Microsoft's Cloud. They also form the basis of SSO solutions that can be deployed in corporate and personal infrastructure.
Security improvement! (Score:2)
If no one can log in with MFA, no one can be hacked, can they?
Broken either way (Score:5, Insightful)
Choose how you want to run IT.
If you think you can run to the cloud and get better service you are mistaken. Like playing musical chairs you only move the problems and goal posts around.
There is no end to Management willing to pay through the nose for the promise of "Cloud" and following the advice of the providers along the way with little question, but when you have to build it on-prem you have to justify every blithering dollar you ask to spend and then have to face them trying to screw up your project plans with scope creep and "know-it-all" management interference and second guessing junior idiots.
In short, your shit is going offline... you want that reduced? Find quality IT pros and fucking pay them what they are worth and stop promoting high quality pros to justify giving them a higher salary. If you need to... pay a helpdesk worker that gets their fucking shit done twice what you pay the others. It's that simple and stay the fuck out of their way... they are the professionals... not the fucking management. Management's ONLY job should be to make sure that money is wisely spent by making sure the teams are aware of talent and licenses product are not unnecessarily duplicated and that the nerds or silo managers are not busy fighting like children over stupid shit between themselves or other teams. Those are two huge problems but get very little attention in many businesses.
Re:Broken either way (Score:4, Interesting)
You're going to provide me a nice storage service on-prem that I can access on an iPhone or Android device with conflict resolution and live cooperative editing between say 10 collaborators? And this service is going to manage sync conflicts? And this service is going to scale instantly? And it'll have a single sign on portal so that I can access said collaborative data share? And when I need to share that data with someone outside of the organization you're going to maintain the registration and securities permission of sharing said document? Also is your data service going to OCR and scan all photos in a project folder? Are you going to let me have federated search on my phone to search the contents of documents on my phone quickly while on a public wifi?
Re: (Score:1)
You share a file with email. It does the same thing (collaborating) as all that fancy crap and you can still search through emails.
Re: (Score:2)
Emailing is a very limited way of doing collaboration, it spreads more copies of the same data around in multiple different versions. People can't work on the same specific document at the same time, if you edit it and I edit it then we have to manually recombine our changes. How do you then make sure everyone else is looking at the most recent version, email it again? Manual version control? All technically possible to achieve, but not in a way that's particularly efficient.
Ideally you want one version of
Re: (Score:2)
This! I'm surprised here on a nerd news site that many commentators don't know that "Cloud" is more than "opening Excel in a browser and storing files".
Re: (Score:2)
OOoooo. That sounds so technically difficult. Scarrrrrrrrrryyyyyyy.
LOL None of those things are "hard". It could be difficult to put them all together, but I doubt it. It also depends on how far you need to scale. For millions, it would take much more time. For thousands, this could be architected within a month and rolled out with full QA checks in 4 months.
The only issue is that there are not enough knowledgeable people to architect this solution individually at hundreds of thousands of disparate locat
Re: (Score:1)
I believe on average it will be better. Local installations are often duck wire and chicken tape in my observation. Cloud problems just get more press similar to how jet crashes get more coverage than car crashes despite cars being more dangerous per mile traveled.
Re: (Score:2)
The problem is the people who decide to move to cloud aren't in IT. They are in accounting.
They tell IT to lay people off so the CFO can get his bonus for being smart. Then blame the IT department when MFA breaks and not hold the CFO and his accountants responsible as they saved the organization money so fsck off etc.
MS's predictability (Score:2)
Re: (Score:2)
This is well said... I love Microsoft because they are guaranteed to break... this is job security for me. I wish I had a dime for every time I had to say... "told you so". And despite that they never listen. They always think my requests to add backups or redundancy are too expensive and pie in the sky jackassery, but boy do they pucker the fuck up when they are losing phat stacks of cash during down time and spitting in my face every 5 minutes asking for updates while I am in the middle of analyzing lo
Re: (Score:2)
We have a massive service unavailability, but hey, we expected it!
To the cloud (Score:2)
About every 12 to 18 months, the owner of the company I work for will come to me about moving 'everything' to the cloud. I always say the same thing, "Maybe we could move {a few non-essential things} and see how that goes, but I wouldn't trust moving {anything we rely on}".
This article and many others like it are the reason I will keep saying this.
Re: (Score:2)
About every 12 to 18 months, the owner of the company I work for will come to me about moving 'everything' to the cloud. I always say the same thing, "Maybe we could move {a few non-essential things} and see how that goes, but I wouldn't trust moving {anything we rely on}".
This article and many others like it are the reason I will keep saying this.
I would keep my resume updated. When an owner looks to moving to the cloud it means they want to outsource and eliminate most if not all of IT to save money.
The cloud really is about cutting costs. Not providing benefits and having MBA types circumvent IT by administering it themselves are the reason. Slashdot had an older article when cloud was new was the majority of organizations wanted the cloud to circumvent IT and do shadow IT stuff with an outsourced cloud partner.
Even if your job is secure you are u
Getting a little tired of this (Score:2)
My workplace uses MSA for our VPN (which you have to be on for admin access to the servers). I'm starting to miss the RSA SecurID fobs we used to have.
CROSS REGION!?! (Score:3)
cross-region potential outage impacting MFA
The whole point of being in the cloud is so if one region goes down you can switch over/fallback to the other region's servers to maintain uptime!!!
The whole point of the cloud is data access (Score:2)
The whole point of the cloud is not to have good service.
The whole point of the cloud is to hand over your data to a third party, and to NSA, not to let your users access it.
Please stop your chirping (Score:2)
To all you ops guys who think no one can run infra as well as you:
Please stop the I told you so crap. For every one of you power-wizards, there are 100 fallible ops guys sitting in other chairs. Trust me, I've worked with a bunch of them over the last 40 years. Cloud platforms have outages a lot less than all the custom shops I've worked in, and I've worked in both big and small. Sure, Microsoft's outages are bigger and affect more people, but any particular company has only so much stuff that gets impa
This would have prevented employees... (Score:2)
... from accessing a host of internal applications at the company I was contracting with last Spring. And the internally-written authentication application was being slowly phased out and more internal applications were being migrated over to use the Microsoft application. By now, I expect that most, if not all, of those employee services were nicely locked down by Microsoft. One of these days, managers (and bean counters) will learn what is meant by "single point of failure".
Safety ? you don't need THAT feature ! (Score:2)
Safety ? you don't need THAT feature !