Users with Multi-factor Authentication (MFA) have been unable to sign into services since approximately 6:30am PDT today (10/18/2019).
For many admins, their worst fears happened this morning:
So, what happens during this time? Well, first, users who are affected will need to relax and just wait for the situation to be fixed. If you are an admin, you can plan how to handle this better next time. (Yes, I'm sure it will happen again. This is a "when, not if" situation.)
As an administrator, being locked out of the Admin portals can be a big deal. You can't get any work done or even be aware of what else might be happening in your environment. How do you solve for that?
First answer: Break Glass Account. A Break Glass Account is an account that has access without relying on things such as Phone-based MFA or Federation. Here are some of Microsoft's best practices:
- The account should be a Cloud-only account that uses the *.onmicrosoft.com domain. Do not use a federated account.
- The account should not be associated with an individual. Make it something like "email@example.com". You don't want to have to find the user it is tied to when an emergency happens.
- Make sure the authentication method is different from the one your other accounts use.
- Exclude at least one account from phone-based MFA.
You can find more information around this here
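One way to audit candidate accounts against the checklist above, as an added example (not from the original post or from Microsoft). It assumes user and Conditional Access policy records exported with Microsoft Graph field names; the `groupIds` field, the function names and the sample records are constructed for illustration.

```python
# Added example: runs on constructed records, not live tenant data.
# Field names mirror Microsoft Graph user / conditionalAccessPolicy objects;
# "groupIds" is an assumed export field holding the account's group memberships.

def requires_mfa(policy):
    """True if an enforced Conditional Access policy demands MFA."""
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    return policy.get("state") == "enabled" and "mfa" in controls

def applies_to(policy, user):
    """True if the policy targets the user and no exclusion covers them."""
    scope = policy["conditions"]["users"]
    groups = set(user.get("groupIds", []))
    included = ("All" in scope.get("includeUsers", [])
                or user["id"] in scope.get("includeUsers", [])
                or bool(groups & set(scope.get("includeGroups", []))))
    excluded = (user["id"] in scope.get("excludeUsers", [])
                or bool(groups & set(scope.get("excludeGroups", []))))
    return included and not excluded

def audit_break_glass(user, policies):
    """Return findings; an empty list means the account passes every check."""
    findings = []
    if not user["userPrincipalName"].lower().endswith(".onmicrosoft.com"):
        findings.append("UPN is not on the *.onmicrosoft.com domain")
    if user.get("onPremisesSyncEnabled"):
        findings.append("synced from on-premises, not cloud-only")
    for policy in policies:
        if requires_mfa(policy) and applies_to(policy, user):
            findings.append("subject to MFA policy: " + policy["displayName"])
    return findings

# Constructed sample data: one well-formed break glass account, one that is not.
USERS = [
    {"id": "u-1", "userPrincipalName": "bg-emergency@contoso.onmicrosoft.com",
     "onPremisesSyncEnabled": None, "groupIds": ["g-bg"]},
    {"id": "u-2", "userPrincipalName": "admin2@contoso.com",
     "onPremisesSyncEnabled": True, "groupIds": ["g-admins"]},
]
POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["g-bg"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require MFA for admins", "state": "enabled",
     "conditions": {"users": {"includeGroups": ["g-admins"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
]

if __name__ == "__main__":
    for u in USERS:
        print(u["userPrincipalName"], audit_break_glass(u, POLICIES) or "OK")
```

Policies in report-only state are ignored because they do not block sign-in; whether the account is tied to an individual still needs a manual review.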
If you have deployed MFA for your organization, hopefully you have also deployed things like Conditional Access, which can help avoid issues in a situation like today's. If the policy is applied and the user is in a known location (like the office), they can still access their work. It will help minimize the impact to users in unknown locations (such as the local café).
Have you been affected by the outage today? If so, did you have a Break Glass Account? Did you have Conditional Access set up to minimize the impact?
ENow's Office 365 Solution Provides Visibility
ENow Software is the leading provider of Office 365 Management solutions that help you save money and increase end user productivity.
Let's quickly walk through how ENow surfaces problems in real time and enables our customers to successfully navigate the Azure AD outages to achieve SLA transparency.
Once today’s outage started to affect the ability to authenticate to Office 365 systems, the ENow OneLook dashboard turned red as a visual indicator for the NOC. You can see in the screenshot below that the Network and Directory & Authentication services are showing red.
The visual cue of the red indicators quickly shows there are issues with the Office 365 service.
During today’s outage on October 18th, ENow customers were greeted with a failed multi-factor authentication status when selecting the failed network indicator.
ENow to the Rescue
ENow customers like Barclays, Facebook and Wells Fargo were able to quickly identify and drill down to the root cause of the problem as it was happening. Don't believe us? See how to triage outages using ENow!
Did you have the controls in place to visually spot the outage in real-time?