Users of Microsoft’s cloud services were struggling to be productive today due to an issue preventing organizations logging if they require Azure multi-factor authentication.
Microsoft confirmed there was a problem affecting Azure Active Directory (AD) and multi-factor authentication (MFA) on Monday and was fielding complaints from users for at least 10 hours as engineers attempted to resolve the bug.
The Office 365 status page notes that users might not be able to sign in to Office 365 using MFA and that they might have problems doing self-service password resets.
The same issue is affecting Azure users in Europe, Asia-Pacific and the Americas regions. Users at any organization with a policy that requires MFA may see difficulties signing in until the issue is fully resolved.
“Starting at 04:39 UTC on 19 Nov 2018 customers in Europe, Asia-Pacific and the Americas regions may experience difficulties signing into Azure resources, such as Azure Active Directory, when Multi-Factor Authentication is required by policy,” Microsoft said.
Microsoft said engineers had deployed a hot fix which appeared to reduce user authentication errors, however the fix also resulted in some customers not receiving prompts to login via SMS or the Microsoft Authenticator app.
“Engineers are continuing to explore additional workstreams and potential impact to customers in other Azure regions to fully mitigate this issue,” Microsoft noted.
Microsoft has been encouraging customers to enable MFA, earlier this year announcing password-less sign in for business apps that connect using Azure AD. As the company noted at the time, using the Authenticator app for multi-factor authentication could drastically reduce compromises. However, today’s outage revealed a weakness in relying on the cloud for authenticating to business software.