Microsoft explains Azure AD slowdowns

In the aftermath of Microsoft’s announcement of its new Entra line of cloud identity services, one of its key products saw performance falter for more than 12 hours.

Microsoft warns that users of its Azure Active Directory (AD) identity service, and several downstream Azure services, may have received “missed or incorrectly triggered alerts”. This is potentially a headache for customers who rely on Azure AD to control employee access to Office 365 and other applications.

Users may also have had issues accessing Azure Portal, MSGraph, Log Analytics, PowerShell, and Application Insights.

A fix has been deployed

The company has now rolled out a fix for the issue, which engineers have determined to be caused by a “recent change to the underlying infrastructure”.

Although not an outage, there was an extended period of “significant delays” in data logging from Azure AD and other services, which affected US Azure customers on 31 May and its European customers on 1er June morning.

“Between 21:35 UTC on May 31 and 09:54 UTC on May 1er June 2022, users may have experienced significant delays in the availability of logging data for resources such as logon and audit logs for Azure Active Directory and other Azure services, accessing tools such such as Azure Portal, MSGraph, Log Analytics, PowerShell, and/or Application Insights. This impact may also have led to missed or incorrectly triggered alerts, ”explains Microsoft.

After rolling out the fix, Microsoft removed the issue from the Azure status page, which previously stated that the logging issue affected Azure AD globally.

Azure AD at the heart of the Entra suite

While trying to fix the issue, Microsoft reported that services built on Azure Resource Management were also experiencing issues. “Meanwhile, services dependent on Azure Resource Manager may also have experienced failed CRUD operations (create, read, update, and delete), with some requests experiencing failures when communicating with other Azure services,” Microsoft said.

Azure AD is at the heart of Microsoft’s new Entra suite of identity services and is used by millions of organizations to manage multi-factor authentication, conditional access, and application authentication on-premises and in the cloud.

Entra also includes Azure AD External Identities to manage B2B and B2C logins, as well as Cloud Infrastructure Entitlement Management (CIEM) and Decentralized Identity.

Cascading consequences

When Azure AD goes down, it affects other cloud services. In September 2020, Office 365 users were unable to access their applications due to an extended Azure AD outage. Then, in March 2021, a 14-hour Azure AD outage prevented users from accessing Office, Dynamics, Teams, Xbox Live, and the Azure portal.

Given the length of the last Azure AD outage, Microsoft said it will continue to investigate what happened to establish the “root cause” of the issue and determine how to avoid another outage.


Leave a Comment