MFA Lockout For Microsoft & Azure Users Causes Business Disruption

The latest multi-factor authentication (MFA) issue left users of Azure and Microsoft Office 365 unable to log in to their accounts on Monday 21st, causing widespread disruption to businesses in Europe, Asia, and some parts of the US.

What Happened?

According to reports by Azure, the root cause was a European-based database reaching its operational threshold with requests from MFA servers. This led to latency and timeouts, and an attempt to re-route traffic through North America caused the extra traffic to block servers.

Finally Rectified

After lasting from 4.39 am to the evening in the UK, the problem was finally rectified.  According to Microsoft reports, services could be resumed after engineers removed the link between the backend service and the Azure Identity MFA service, thereby allowing the impacted servers to catch up with the existing authentication requests.

Happened Before

This was certainly not the first time that disruptive outages had occurred with Azure and Microsoft’s service.  For example, a global outage in September this year affected Azure and Office 365 users worldwide after one of Microsoft’s San Antonio-based servers was knocked offline by severe weather.  Also, in October, UK Office 365 users endured a 3-day-long outage and had the frustration of having more login prompts appearing after their user credentials had already been entered.

Price Rise Makes Outages More Annoying

In addition to the obvious costly business disruption, the spree of outages occurred around the time of announcements of new commercial prices, i.e. an increase of 10% over previous on-premise pricing (4% increase for employees who are part of a volume discount agreement), so the service failures caused even greater annoyance.

MFA

Multi-factor authentication, which works by requiring any two or more verification methods for a login / transaction, such as a randomly generated passcode, a phone call, a smart card (virtual or physical), or a biometric device, is designed to be beneficial to a user and their business because it should provide an extra layer of security for user sign-ins and transactions.  Unfortunately, in the case of this most recent outage, MFA cost users rather than helping them.

What Does This Mean For Your Business?

For some companies, the recent outages at Microsoft and Azure are likely to bring into focus the dangers of placing huge operational dependency on one environment, i.e. Microsoft, and of trusting a single cloud supplier to keep you connected and productive during unplanned (and planned) email outages, especially when you have no independent cyber resilience and continuity plan. In recent months, many businesses will have been counting the productivity costs of sticking to a software-as-a-service monoculture with a company whose service has let them down on several occasions. Unfortunately, the dominance of big tech companies with their familiar operating systems and environments, and the fact that most businesses are committed to them with few practical alternatives to choose from, mean that most businesses may simply have to unhappily endure the outages and weigh them up against the benefits and reliability of the environment generally.

For Microsoft, these outages can be damaging to its reputation and can shake the trust of its prized business users.

Microsoft Education For Dyslexics

In partnering with charity ‘Made by Dyslexia’, and in signing the Made by Dyslexia pledge, Microsoft has announced that it is the first company to sign a global pledge to help people with dyslexia.

Dyslexia

Dyslexia is a lifelong condition that is not related to intelligence. Those with the condition experience difficulty with reading, spelling, writing and sometimes speaking because their brains have trouble recognising or processing some types of information.

It is estimated that it affects 700 million people worldwide and at least 5% of schoolchildren have dyslexia. In many cases, these schoolchildren are (mistakenly) labelled as having a learning disability, which is why it is believed that they could make up as much as 85% of special education classes.

The Pledge & Partnership

The ‘Made By Dyslexia’ pledge that Microsoft has signed up to states that the tech giant will endeavour to recognise dyslexia as a different and valuable way of thinking, understand the importance of identifying each dyslexic and their pattern of strengths and challenges, and give targeted support to dyslexics to enable them to harness their strengths and flourish.

The Pledge says that this can be achieved by “skilling up” staff in schools with regard to spotting, understanding, and how best to support those with dyslexia, using digital screeners to check whether people are dyslexic, and making sure that tests and assignments are adjusted so dyslexics can demonstrate their full knowledge and skills.

Through the pledge, Microsoft is essentially partnering with the global charity ‘Made By Dyslexia’, which describes itself as being led by successful (and famous) dyslexics.

What Will Microsoft Do For Dyslexics?

Microsoft has said that by adhering to the pledge, it hopes to democratise Dyslexia support, and it’s been reported that Microsoft’s contribution will include the creation of free training materials, including short films and reading tools, which are designed to help teachers and parents improve ways of spotting Dyslexia. Microsoft is reported to be working with top researchers and partners in the dyslexic community, with the hope of encouraging those involved in a child’s life to intervene earlier, and thereby improve their future.

Microsoft has announced that it will expand access to (and improve ease of) implementation of a number of tools, including:

  • The Dictation Tool in Learning Tools – to help students to write with their voice.
  • The Immersive Reader tool – to help students with maths problems, to invite all learners into the conversation, and to support students in their native language with real-time translation.
  • A partnership with the University of Washington – to help students sound out words.

What Does This Mean For Your Business?

As the ‘Made By Dyslexia’ charity demonstrates, dyslexia needn’t be a barrier to success if the right support and tools are available to help those with the condition. Dyslexia is not linked to intelligence, and it presents many extra challenges to those who have the condition. Understanding this and providing help in the form of adherence to the pledge means that Microsoft is seen to be taking a high-profile lead and demonstrating that it understands that those with dyslexia are just as valuable in the workplace as those without, and that providing help at a young age can help dyslexic people to reach their potential.

Microsoft, like many other big tech companies, is showing how old problems can be tackled with new methods, hopefully with success.

Cloud Backup

We’ve taken a while to get on board with cloud backup solutions. Due to cost, maturity of the available offerings and the general performance limitations, including that of many Internet connectivity options, we just didn’t think it was reliable or cost effective.

Things change, and now we have the following portfolio of cloud-based backup options. What suits your environment, and the functionality, costs and performance, will vary from client to client, so please get in touch if you’d like to discuss.

File/Folder Backup

A cloud backup solution to back up any number of devices, charged per month based upon usage. Prices are such that a daily backup of your accounts data spanning several months should cost less than a family meal at McDonald’s.

Office 365

Microsoft provide good data security and safety. Versioning is excellent and most data can be recovered from the past 30-90 days depending upon the service.

However, we can build on that by providing complete, unlimited backup of your Office365 user data from the point you start using the service. For a company with up to 25 employees this would have a monthly cost of £60.

Benefits include:

  • 3x daily backup for Office 365’s Exchange, OneDrive and SharePoint.
  • Perform additional backups as needed at any time.
  • Security controls that include compliance with SOC 2 Type II, HIPAA, and PCI. Data is secured with 256-bit encryption.
  • Browse and preview backups by user and item. Search for metadata.
  • Restore individual files or groups of files back into a user’s account or export them directly to your machine.
  • Monitor data with domain health status and activity log.
  • Store an unlimited amount of data in the backup Cloud forever.

Business Continuity

Cloud or remote site hosted reverse chain image based backups of servers with instant restore and hosted virtualisation that boots in seconds. Got it? OK, let’s say you have a business that would suffer should your server go down for more than a few minutes: this could be just what you need. Probably best to get in contact so we can explain, discuss and demo.

O365 – Free Skype Meetings

Firstly, a quick apology to our non-Office365 clients. A large proportion of my posts will be regarding Office 365. That’s because most of our clients are now on the platform and I hope the remainder will follow when the circumstances dictate. In the meantime, look at the post as information on what’s possible with Office 365.

I’ll try and remember to prefix posts as above so you know if they’re immediately relevant to you.

Most Office365 plans will include Skype for Business. You can use it for Instant Messaging internally, externally (try adding me as a contact to test it – see my email footer) and as a phone system. Lorica’s phone has now been ported from an internal 3CX (software PBX) to Skype for Business meaning one less server for us to look after and global mobile access on a variety of devices.

This post is about a recent extra benefit whereby you can use Skype for Business for meetings. Follow the link here to an Office Blogs post with more details.

As usual, contact me if you have any questions.

Office365 Credentials

You have a set of Office365 credentials which permit you access to the services.

IMPORTANT: You need to know these and be able to use them on the portal (https://portal.office.com).

They consist of a username and a password.

Your tenancy name is appended to “onmicrosoft.com” as the full reference and we try and combine this with your first and last names to make your username.

So, for Fred Bloggs at Acme Corp the username would be FredBloggs@acme.onmicrosoft.com . Yes, this looks like an email address and you will receive any emails directed at it.

It’s also possible to allocate your own domain name as your email address. So if Fred has an email address of fred@acme.com then we could set that as the Office 365 username.

We prefer not to do so for the following reasons:

  • Your company might have several domains, acme.com and acmeexplosives.co.uk for example, so remembering which one is your Office365 username could be a problem.
  • We automate some of our admin tasks using scripts and programs, and having a standard username format makes this feasible.
  • Using your own domain name means logging on won’t work if there are any DNS problems. Just another thing to go wrong!
  • People might not easily guess your Office365 username if they know your email address and are attempting to hack your account.

Signing in to the Office 365 portal

Office 365 is a cloud service, which means it’s hosted “somewhere else” and this has one very significant advantage. It’s not dependent on anything you own or maintain.

So, as long as you have access to a web browser (Internet Explorer/Edge, Chrome or Firefox) you can log in to the service and use most of the functionality.

To do so, you need your Office365 credentials, which consist of a username and password.

Then go to the URL for the portal, which is https://portal.office.com, and log in.

Here is a Microsoft tutorial page on signing in.

Temporary Remote Access

Most of our support is accomplished without time consuming and expensive site visits through remote access using our RMM (Remote Management and Monitoring) agent, a small program that silently runs in the background on machines that are under contract. If you don’t have this installed, perhaps it’s a new PC or you’re looking for assistance with a machine not under contract, then there’s an alternative method for you to allow us remote access on a temporary basis.

This is done by downloading and installing the TeamViewer Quick Support program.

Please be aware this is for our non-commercial customers only. For business usage TeamViewer requires a license purchase.

http://download.teamviewer.com/download/TeamViewerQS.exe

Click on that and then accept any invitations to run or install. Once it’s installed you’ll be given an ID and a numerical password, both of which you need to pass to us in a secure manner.

User accounts, Mailboxes and email addresses

Here’s an informational post. It’s a small thing, but if you can get your head around what constitutes a user account, a mailbox and where an email address comes in, it does mean we can all use the same correct terminology, and that means less confusion, better communication and things get done quickly and correctly.

  • User Account
    • A user account is an account for a user so that they can gain access to a resource, or set of resources. Now, that resource could be a server, printer, mailbox or any combination of them. A user account will have a set of credentials associated with it, most usually a username and password.
  • Mailbox
    • A mailbox is a repository for email and often other associated information, such as calendar appointments, tasks and so on. If someone wants to access a mailbox they’ll normally need permission to do so through an associated user account. Mailboxes can exist for other resources such as meeting rooms, equipment or SharePoint libraries. Most commonly though, you might want a shared mailbox for several people to use.
  • An email address
    • Really, this is just a destination for email. Very much like a house address, it might have one person associated with it, it might have many, like a hotel or factory, it might just re-direct stuff elsewhere, like a PO box.

Mostly it’s assumed that all three of the above are, to some extent, one and the same. However, this isn’t always necessarily the case.

Service requests.

If you need any of the following setting up, which we’re happy to do for you, please read on so that you know what to ask for and the information you need to supply. Obviously, most of the time this won’t be a critical service issue as you’ll know in good time so please make our life a little easier and make your request in advance.

  • User account
    • The user’s full name
    • Any relevant personal information which may be mobile number, working location, hours of work etc.
    • The primary email address for their mailbox as well as any further addresses (if their name is easily misspelt, it’s often an idea to include a variation of their primary email address that includes the misspelling)
    • The machine(s) the user will be given access rights to
    • Any distribution groups (see below) or security groups they need to be members of
    • When they start
    • What assistance they may need when they start (setting up a smartphone or tablet for example)
  • Mailbox (you may request a mailbox but one will normally be created with a user account)
    • If a shared mailbox, detail who needs access and what permissions
  • Email address
    • Detail what mailbox (Fred’s mailbox, or the shared accounts mailbox) you need the address adding to
    • If you need a distribution group creating, detail the email address and the list of recipients.
    • If a redirector of some sort (maybe to an external contact), detail the address and where it’s to go to.

Types of Support Tickets

Our support system revolves around a single important concept.

Each issue, problem, request or whatever equates to one ticket. That’s how we track what has been done, what needs to be done, who’s said what to whom and how much time we’ve spent.

So, it’s an important part of our support procedure that you, as the customer, keep track of the ticket number that relates to your request. It should be on any emails you’ve received relating to the issue and you should ask for it if you call in. We have a supply of post-it notes where you can record a ticket number and details of the issue and stick it on your monitor, laptop or in your wallet or diary.

  • Issue – a single issue that needs to be addressed
  • Problem – A whole group of issues that have their root cause in one problem
  • Service Request – nothing wrong, but a request to do something such as updates or changes