October 28, 2019

Azure And MS Office 365 MFA Issues

Oh, how have the mighty fallen? It seems that in addition to security and identity breaches making headline news more often than not, we are now seeing headlines about security technology failing. This is significant because we have to rely on specific security technology to provide a base level of protection; when that technology fails, we are completely at the mercy of both the vendor, to get the tech working again, and the potential cybercriminals, who will take advantage of this failure. Ultimately it is personal and business productivity that suffers the most.

Digital Productivity

The digital revolution started in the 1950s as early computers were able to shift mechanical/analog processes to digital, delivering exponential time, cost and productivity savings. This revolution took over in the early 1980s with the introduction of affordable personal computers, and the world has never been the same since. Almost everyone uses some form of personal productivity tool for writing, processing numbers and communicating via email, and the undisputed king of these tools is Microsoft with its Office and Office 365 suite of solutions.

Microsoft has long since won the battle for productivity tool usage supremacy for both personal and business use. The latest statistics as of Sept 6, 2019 from DMR Business Statistics are:

  • # of MS Office users: 1.2B
  • # of Office 365 users: 155M/month
  • # of Outlook Mobile App users: 100M

So, with hundreds of millions to billions of users relying on this for their daily productivity, it stands to reason that access to those tools is paramount and the need for secure authentication even more important. So, what happens if something goes wrong?

Microsoft's Latest MFA Issues

The short answer is that millions of people lose access to their personal/business productivity tools and productivity suffers measurably. According to a ZDNet article titled “Multifactor authentication issue hitting North American Azure, Office 365 users”:

“A widespread multifactor authentication (MFA) issue is hitting a number of Microsoft customers in North America this morning, October 18. The exact cause of the problem is not clear at the moment, but Microsoft's engineering team says it is working on it.”

The article later updates with:

  • “Microsoft says the issue was resolved around 12:50 p.m. ET. A root-cause analysis will be available in the coming days, officials say.
  • Preliminary root cause: Engineers are continuing to investigate root cause. A follow up RCA will be provided in the coming days.
  • Mitigation: Engineers took corrective action to fully mitigate the incident. Further details on mitigation actions will be provided in the RCA.
  • Next steps: Engineers will continue to investigate to establish the full root cause and prevent future occurrences.”

Although Microsoft eventually got MFA working again, there were literally millions of dollars in lost productivity in the interim. Even more unfortunately, it turns out that this has happened before, more than once. According to o365reports.com:

“This kind of outage has happened twice already.

    • January 29, 2019 – European users were unable to log in to their Office 365 services.
    • November 19, 2018 – Office 365, Azure users are locked out after a global multi-factor authentication outage.”

So, something is clearly needed to address current MFA failures, and that is where a continuous behavioral authentication solution comes into play.

Continuous Behavioral Authentication Can Overcome These Issues

Acceptto is built on the premise that your credentials today, and those that you’ve yet to create, have already been compromised. Your identity cannot simply be based on a password or a one-time token or only your biometrics. Your immutable identity is a combination of your physical behaviors, attributes and digital DNA. We call it Cognitive Authentication. You can eliminate preventable harm with our Biobehavioral AIML technology that enables frictionless authentication, prevents credential stuffing instantaneously, ensures your true immutable identity continuously, and dramatically reduces risk, likelihood of fraud and cost of helpdesk operations without the guesswork or latency.

Acceptto’s eGuardian engine continuously creates and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019 today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy by registering for a free demo today.
