Good morning! Except if you’re a hosted Microsoft customer who’s locked out of your account right now.
Microsoft’s cloud-based multi-factor authentication services went down across the globe early Monday morning, preventing access to users who are required to sign in using a second layer of authentication to their account, such as a text message, a push notification on their phone, or a hardware key. You hit the password page, and then you’re stuck — no code, no notification, nothing.
“Affected users may be unable to sign in,” said a notice on Office 365’s service health page, confirming the outage.
More than half a day later, the service is still struggling.
Engineers are actively investigating an ongoing issue affecting Azure Active Directory, when Multi-Factor Authentication is required by policy. Please refer to https://t.co/Dw19fIoS5H for updates.
— Azure Support (@AzureSupport) November 19, 2018
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
https://twitter.com/GossiTheDog/status/1064465569318092800
At the time of writing, Microsoft said it has deployed a hotfix to get the service up and running again, but will “continue to monitor any updates” for the next couple of hours. “We’ve received reports that users may no longer receive alerts, so we’re analyzing diagnostic logs to understand why,” the company added.
So far, there’s no clear reason for the outage, and the company is still investigating. A spokesperson for Microsoft said that while some users “are now authenticating successfully, we’re working to address the delay some customers continue to experience using multi-factor authentication in some regions.”
It’s not been a great week for Microsoft’s multi-factor authentication. On Friday, TechCrunch reported that Voxox, a SMS gateway provider used by Microsoft and other companies to deliver two-factor codes by text message, exposed millions of text messages, thanks to an exposed server. But sources familiar with Microsoft’s ongoing effort to remediate its multi-factor authentication outage said the two are not linked.
Multi-factor authentication adds a significantly greater layer of protection on an email account than just a password. But, as a crucial mechanism for users to log in, it’s also a single point of failure if the system breaks.
A system so secure that even its users can’t log in. Who knew?
A leaky database of SMS text messages exposed password resets and two-factor codes
