Microsoft says massive Azure outage was caused by DDoS attack (July 2024)

Microsoft confirmed that a nine-hour outage on Tuesday, which disrupted numerous Microsoft 365 and Azure services worldwide, was caused by a distributed denial-of-service (DDoS) attack. Affected services included Microsoft Entra, Intune, Power BI, Power Platform, Azure App Services, and others.
The company explained that its DDoS protection mechanisms were triggered, but an error in the implementation of its defenses exacerbated the attack's impact. Once the issue was identified, Microsoft made networking configuration changes and rerouted traffic to alternate paths to mitigate the problem.
This confirmation came after initial reports attributed the outage to an "unexpected usage spike" that affected Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components, leading to errors and latency issues. Microsoft plans to release a Preliminary Post-Incident Review (PIR) within 72 hours and a Final Post-Incident Review in two weeks, detailing the incident and lessons learned.
In June 2023, Microsoft also faced a significant DDoS attack by Anonymous Sudan, linked to Russia, targeting Azure, Outlook, and OneDrive services. Additionally, a widespread outage earlier this month affected Microsoft 365 customers due to an Azure configuration change. Past significant outages occurred in July 2022 and January 2023 due to ECS deployment and Wide Area Network IP changes, respectively.