Microsoft said in a preliminary report that an outage last Friday in Azure was due to an anomalous spike in HTTP requests, with error messages generated across multiple geographic locations. The disruption impacted access to Azure, as well as the Microsoft Entra admin center and Microsoft Intune.
The outages followed a week-long series of disruptions in Outlook and other services, including OneDrive, Microsoft Teams and SharePoint Online.
Microsoft last week said it was investigating the outages amid claims by hacktivist group Anonymous Sudan that it had launched a series of DDoS attacks against the company, which led to the outages.
Mattias Wåhlén, threat intelligence expert at Truesec, said the description of the anomalous spike during the Azure outage is essentially what happens during a DDoS attack.
“The attacker generates a large volume of traffic that overloads the server connections and makes it temporarily unavailable,” Wåhlén said via email. “Sort of a digital car pileup.”
Servers can theoretically become unavailable for other reasons; however, Microsoft confirmed a spike in incoming traffic, so the explanation is almost certainly an attack, Wåhlén said.
Microsoft noted the review of the Azure outages was preliminary and said a full review would take a total of 14 days.
Internal monitoring alerted Microsoft to the Azure outage and its engineering teams began working on the issue within 15 minutes, the company said.
The company took several steps to restore service, including adjustments to firewall and traffic throttling rules.
Microsoft said Azure Command Line Interface and PowerShell were not impacted by the outage and customers and partners can still use these services to manage their Azure environments.
Microsoft officials did not have any comment beyond the preliminary report when asked about the cause of the Outlook outages and the claims by the hacktivist group.