Days-long Microsoft outage leaving users unable to login to Office 365


Keumars Afifi-Sabet

31 Oct, 2018

Microsoft is investigating the cause of a lengthy Office 365 outage that has persisted for several days, with business customers, predominantly based in the UK, experiencing difficulties signing in to their accounts.

Users have been reporting problems with logging in to their Office 365 accounts across social media since Friday 26 October, with system information site DownDetector also seeing a spike in user complaints.

These complaints receded over the weekend, but resumed again on Monday 29 October, and have been peaking during working hours since. The issue appears to be predominantly affecting users in the UK.

The issue manifests as additional login prompts appearing after users have entered their details into the username and password fields. The appearance of a second “security prompt” means many business users have been unable to access critical services.

Microsoft confirmed yesterday it was investigating the issue, adding a handful of recently-made changes were rolled back in an attempt to resolve the symptoms.

“We rolled back recent changes that were made in the environment and some customers are reporting that impact has been mitigated for SP152610 and EX152471. The source of the issue remains under investigation,” Microsoft tweeted.

“If you have a user that is actively experiencing impact, please reply to us or contact support so we can gather additional information to assist with our investigation.”

further update, released by Microsoft at 13.00 GMT today, suggested no additional reports of disruption had been received, and that the “impact was remediated on Tuesday, October 30” late in the evening.

But a handful of customers replying to Microsoft’s tweet have suggested this is not correct, with one user John Gardner admitting he still had at least three users still affected.

The frequency of users registering Office 365 complaints in the last few days on DownDetector

This issue, which has persisted for more than three working days, is the latest in a series of high-profile outages that Microsoft has sustained in recent months.

Microsoft Azure and some Office 365 services suffered disruption for more than 24 hours in September following a “severe weather event” that knocked an entire data centre offline.

Customers in the US, and a host of European countries were unable to access a number of cloud-based apps after lightning strikes caused a power surge to Microsoft’s San Antonio, Texas-based data centre.

In April meanwhile, a similar but less severe Office 365 outage meant users for were unable to login to their accounts for a short period, affecting customers in the UK, France, the Netherlands and Belgium.

A map of the areas affected by the latest Office 365 outage, taken on Monday 29 October from DownDetector

“The continuity of business critical systems is vital for organisations today to maintain productivity and effective customer service,” said cyber resilience expert at Mimecast, Pete Banham.

“This Office 365 issue is a clear reminder that in the cloud age, it’s often down to individual organisations to ensure they have a plan B.”

“Employees can also create security and compliance risks during downtime when using unsanctioned or consumer IT services to get the job done.

“We are urging organisations to consider a cyber resilience strategy that assures the ability to recover and continue with business as usual.”

Asked to assess the increasingly cloud-centric business ecosystem, in light of recent outages, Banham told Cloud Pro it’s a balancing act between bottom-line cost reduction, and putting faith into potentially unreliable third parties.

“The merit of this approach is most likely to be a bottom line cost reduction on paper, but the true cost of a single outage could negate this entirely.

“An ecosystem where businesses wholly depend on the reliability of cloud hosting services is unlikely to be sustainable. After all, few organisations can tolerate lengthy or frequent disruption to their IT services.

“There should always be a backup plan that assures the ability to recover and continue with business as usual despite an outage. This particular incident is another reminder that relying on a single cloud service isn’t the most effective cyber resilience strategy.”

Cloud Pro approached Microsoft for further comment, and for details as to how the issue arose. The company did not respond at the time of writing.