Service restored after glitch locks out Microsoft Office 365 business users

AfterOffice 365business users reported that they were unable to log in to their accounts in the early morning hours of Monday, November 19, Microsoft has acknowledged the issue and applied a fix that’s slowly beginning to restore service to affected users. Microsoft says the issue was caused by a problem related to the company’s multifactor authentication services.

Because Microsoft’s multifactor authentication services went down globally, users were unable to get the secondary six-digit code that is required to log in to their accounts,TechCrunchreported. The codes are typically either sent via text messages, push notifications, or through a hardware key. Microsoft has not disclosed what caused the multifactor authentication system to go offline, as engineers are continuing to investigate the problem. In the meantime, Microsoft has applied a hotfix to remedy the problem, allowing users to slowly regain access to their Office 365 accounts.

Azure users were also impacted by the glitch. “… Asia-Pacific and the Americas regions may experience difficulties signing into Azure resources, such as Azure Active Directory, when multifactor authentication is required by policy,” Microsoft posted on itsAzure status updatepage.

“We’ve applied some additional mitigation actions to implement some relief in the environment and have observed that a subset of authentication requests are completing successfully,” Microsoft stated in anOffice 365 status updatepage. The company noted that the hotfix “took time to propagate across the impacted regions, primarily Europe and Asia-Pacific.”

Most security experts generally recommend that users enable multifactor authentication on their accounts. In addition to requiring a username and password for logging into accounts, multifactor authentication secures an account with an additional piece of information, like a dynamically generated six-digit code that’s only valid for a specific amount of time. This makes it far more difficult for a hacker that has your username and password to log into your account.

When Google rolled outs itssecurity key policyfor employees, the company claimed that it greatlyreduced phishing attacksand its security exposure. Consumers can secure their online account withtwo-factor authentication, a hardware-based security key, or a multifactor authentication app, like Microsoft Authenticator or Google Authenticator.