Microsoft Blames Major Azure Outage On DDoS Attack, Staff ‘Error’
The outage impacted Microsoft 365, the Azure portal and multiple Azure services on Tuesday.
Microsoft disclosed that the major outage that impacted services including Microsoft 365 and Azure on Tuesday was initially caused by a DDoS (distributed denial-of-service) attack, though the outage was worsened due to an “error” by the Microsoft response effort.
The outage lasted nearly eight hours, according to Microsoft.
[Related: Microsoft: Windows ‘Clearly’ Needs Better Resilience After CrowdStrike Outage]
In an update on the incident, Microsoft said that “the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms.”
However, the impacts from the outage were exacerbated by a faulty response action taken by Microsoft teams, the tech giant said. Microsoft’s “initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it,” according to the company.
The Azure portal was impacted by the outage, while affected Azure services included Application Insights, App Services, IoT Central, Log Search Alerts, Azure Policy, according to Microsoft. Additionally, “a subset of Microsoft 365 and Microsoft Purview services” were also impacted, the company said.
"We have fully resolved the service interruption a subset of customers may have experienced on July 30,” Microsoft said in a statement Wednesday.
The outage came less than two weeks after the massive global Microsoft Windows outage caused by a defective CrowdStrike update. The outage that began July 19 hobbled 8.5 million Windows devices and had major impacts across air travel, health care and business.
Also on Tuesday, AWS suffered a significant outage that impacted Amazon services including Ring and Alexa, as well as Whole Foods supermarkets.
Meanwhile, the cause of the Azure outage also was reminiscent of the series of June 2023 Microsoft outages that turned out to be related to DDoS attacks.