Microsoft confirmed today that a nine-hour outage on Tuesday, which disrupted multiple Microsoft 365 and Azure services globally, was triggered by a distributed denial-of-service (DDoS) attack.

The outage affected Microsoft Entra, several Microsoft 365 services, Microsoft Purview services (including Intune, Power BI, and Power Platform), Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, and the Azure portal.

In a mitigation statement, Microsoft revealed that the DDoS attack activated its protection mechanisms. However, an error in the implementation of these defenses amplified the attack’s impact instead of mitigating it.

“Once the nature of the usage spike was understood, we implemented networking configuration changes to support our DDoS protection efforts, and performed failovers to alternate networking paths to provide relief,” the statement said.

Microsoft initially attributed the outage to an “unexpected usage spike,” leading to degraded performance of Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components, causing intermittent errors, timeouts, and latency spikes.

The company plans to release a Preliminary Post-Incident Review (PIR) within 72 hours and a Final Post-Incident Review within the next two weeks, detailing the incident and lessons learned.

This isn’t the first time Microsoft services have been disrupted by DDoS attacks. In June 2023, a threat actor known as Anonymous Sudan, believed to have Russian links, launched Layer 7 DDoS attacks that took down Microsoft’s Azure, Outlook, and OneDrive web portals. Earlier this month, another widespread outage affected tens of thousands of Microsoft 365 customers, attributed to an Azure configuration change.

Additionally, massive outages impacted Microsoft 365 services in July 2022 due to a faulty Enterprise Configuration Service (ECS) deployment and in January 2023 following a Wide Area Network IP change.