Microsoft says there was an Azure Active Directory problem that is making authentication issues for some customers. According to the company, the issue is sporadic but does affect users globally. It also manifests across services, such as Dynamics 365, Microsoft Teams, Microsoft Office, Xbox Live, and Azure.
First reports of the problem started on Monday and stretched into this morning (March 16). Microsoft has now updated its Azure Status Twitter to confirm the issue has been mitigated.
“Engineers have confirmed the issue impacting Azure Active Directory has been mitigated.”
When complaints first came in, Microsoft issued the following statement regarding Azure Active Directory:
“CURRENT STATUS: Engineering teams have identified a potential underlying cause and are exploring mitigation options. The next update will be provided in 60 minutes or as events warrant.”
🛠️Engineers have confirmed the the issue impacting Azure Active Directory has been mitigated. A detailed resolution statement can be found in the Status History at https://t.co/cMAHQp3dtz
— Azure Support (@AzureSupport) March 16, 2021
Microsoft says its analysis of the issue points to an error in the rotation of keys Azure AD uses with OpenID:
“As part of standard security hygiene, an automated system, on a time-based schedule, removes keys that are no longer in use. Over the last few weeks, a particular key was marked as “retain” for longer than normal to support a complex cross-cloud migration. This exposed a bug where the automation incorrectly ignored that “retain” state, leading it to remove that particular key.
“Metadata about the signing keys is published by Azure AD to a global location in line with Internet Identity standard protocols. Once the public metadata was changed at 19:00 UTC, applications using these protocols with Azure AD began to pick up the new metadata and stopped trusting tokens/assertions signed with the key that was removed. At that point, end users were no longer able to access those applications.”
If Azure AD has an uptime of less than 99.9% per month, users receive 25% service credit. If that number falls below 99%, they are entitled to 50%, and 100% if it’s below 95%. You can work out your downtime with the formula: “(User Minutes – Downtime)/User Minutes * 100)”.
Tip of the day:
Do you often experience PC freezes or crashs with Blue Screens of Death (BSOD)? Then you should use Windows Memory Diagnostic to test your computers RAM for any problems that might be caused from damaged memory modules. This is a tool built into Windows 10 which can be launched at startup to run various memory checks.