Microsoft confirms Azure, 365 outage linked to DDoS attack

Microsoft has confirmed that a Distributed Denial-of-Service (DDoS) attack caused an eight-hour outage affecting its Azure portal, Microsoft 365, and Microsoft Purview services on Tuesday. The company stated that the incident was exacerbated by its security response measures, which unintentionally amplified the attack’s impact.

The outage began around 7:45 a.m. EST, with users experiencing intermittent errors, spikes, and timeouts in Azure Front Door and Azure Content Delivery Network. Microsoft reported that by 10:10 a.m., initial networking configuration changes mitigated most of the impact, although some customers continued to face access issues. Just before 5 p.m. EST, the company achieved full resolution.

Microsoft’s investigation revealed that an unexpected spike in usage triggered the DDoS protection mechanisms, but an error in their implementation compounded the outage’s severity. The company plans to conduct a preliminary review of the incident within 72 hours and a final review in two weeks to analyze what went wrong and improve future responses.

This incident follows a global IT outage less than two weeks ago involving 8.5 million Windows devices due to a defective software update from CrowdStrike’s Falcon security platform. Microsoft has experienced similar disruptions before, notably in 2023, when pro-Russian hacktivists, including the group Anonymous Sudan, targeted the company with DDoS attacks.

In response to the latest attack, Microsoft made several configuration changes and performed failovers to alternative networking paths. After initial mitigation efforts, updates were rolled out first in the Asia Pacific and Europe regions, followed by the Americas.