An outage that preventing users from accessing Microsoft 365 and Azure Services was caused by a cyberattack, according to Microsoft.
Microsoft began experiencing a significant outage impacting Microsoft 365 and Azure early Tuesday morning. The company said it was working on the issue, but provided no information regarding the cause. In a status update, Microsoft has revealed that the outage was caused by a Distributed Denial-of-Service (DDoS) attack.
An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes. While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.
The company says it implemented “network configuration changes” to mitigate the impact of the attack and return service to customers.
Once the nature of the usage spike was understood, we implemented networking configuration changes to support our DDoS protection efforts, and performed failovers to alternate networking paths to provide relief. Our initial network configuration changes successfully mitigated majority of the impact by 14:10 UTC. Some customers reported less than 100% availability, which we began mitigating at around 18:00 UTC. We proceeded with an updated mitigation approach, first rolling this out across regions in Asia Pacific and Europe. After validating that this revised approach successfully eliminated the side effect impacts of the initial mitigation, we rolled it out to regions in the Americas.
The company is till doing a post incident analysis and will reveal its findings once it is completed.