Multi-factor authentication, when applied correctly, can be a pretty solid safeguard against data theft and unauthorized service access. However, when something mucks up the process, it can be a nightmare for users, ultimately locking them out of their own data, services, and devices.
Earlier, in the month of November, Microsoft Azure customer lived that nightmare, briefly, and now the company has unearthed what it believes may have been the root cause of the multi-factor-authentication outage and are confident enough in their assessment to reveal the issues to the public.
According to a report from ZDNet's Mary Jo Foley, there were actually "three independent root causes." Around November 19th, Azure, as well as Office 365, Dynamics and other Microsoft services, suffered a 14-hour multi-factor authentication outage and the company is attributing the issue to latency issues in the MFA front-end communications to cache services, a race condition in processing MFA responses from the back-end server and an inability to process request from the MFA front-end.
The problems aren't over yet, however, as Foley is reporting another round of the MFA problems popping up for some users.
For companies relying on the MFA, Microsoft has outlined some future steps to help mitigate other instances of this type of outages such as reviews to is update-deployment procedures and monitoring services as well as an update to its communication process for its Service Health Dashboard and containment processes. All milestones and completion dates associated with Microsoft's updates to its MFA flow are set for either the end of the year or sometime in January.