Dive Brief:
- Microsoft said a DDoS attack led to an eight-hour outage Tuesday involving its Azure portal, as well as some Microsoft 365 and Microsoft Purview services.
- Microsoft said an unexpected spike in usage led to intermittent errors, spikes and timeouts in Azure Front Door and Azure Content Delivery Network. An initial investigation showed an error in the company’s security response may have compounded the impact of the outage.
- Microsoft said it will have a preliminary review of the incident in 72 hours and a final review within two weeks, to see what went wrong and how to better respond.
Dive Insight:
The incident comes less than two weeks after a global IT outage involving 8.5 million Windows devices when CrowdStrike issued a defective software update in its Falcon security platform.
After initially learning of the incident, Microsoft made networking configuration changes to support its DDoS mitigation. The company also performed failovers to alternative networking paths.
This is not the first time the company has dealt with DDoS-associated disruption. Microsoft was the target of a series of DDoS attacks in 2023 linked to pro-Russia hacktivists, including a group known as Anonymous Sudan.
Microsoft said initial networking configuration changes mitigated the majority of the impact by shortly after 10 a.m. EST, just over three hours after the disruption began. Some customers subsequently reported less than 100% availability, and the company began rolling out an updated response, first in Asia Pacific and then Europe.
After validating the successful mitigation, the changes were rolled out in the Americas.
Failure rates improved to pre-incident levels by the afternoon, and the incident was declared resolved just before 5 p.m. EST, nine hours after the disruption began.
“The Microsoft outage demonstrates the ease at which DDoS actors can wreak havoc against critical business services,” Donny Chong, director at NexusGuard, said in a statement.