CyberSecurityBoard
Sponsor Register Login

Microsoft Attributes Recent Microsoft 365 Outage to Authentication Token Failure

Microsoft confirmed a significant outage affecting its Microsoft 365 suite on March 3, 2025, linking the disruption to a critical failure in its authentication token system. While Microsoft assured users no data was compromised, the outage highlighted dependencies on centralized authentication systems without fallback protocols. We've detected a potential authentication token issue that may be contributing to impact, and we're further examining this pathway to determine our next troubleshooting steps. We're investigating an issue impacting Microsoft Teams-provisioned auto attendants and call queues. Microsoft identified the root cause as a breakdown in the silent token refresh mechanism, a core component of its identity management framework. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. We've identified a recent change that inadvertently caused impact to auto attendant and call queues. Authentication tokens, which validate user identities without requiring repeated logins, failed to renew automatically due to unresponsive regional servers. Microsoft’s Incident MO1022159 noted the problem originated in Canada, where routing issues with local ISPs like Rogers exacerbated the outage. For more details, please see TM1022107 in the Microsoft 365 admin center. Services resumed fully by 2:20 AM, but the outage underscores cloud infrastructure’s vulnerability to authentication bottlenecks. The incident, which impacted users across Canada and parts of the U.S. for nearly three hours, prevented access to Outlook, Teams, and OneDrive. Additional information can be found in the admin center under TM1022107. Administrators temporarily mitigated the issue by clearing cached tokens or restarting the Click-to-Run service—a stopgap solution discussed in Reddit threads. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. This triggered a large amount of authentication errors, locking users out of cloud-based applications.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 04 Mar 2025 06:55:03 +0000


Cyber News related to Microsoft Attributes Recent Microsoft 365 Outage to Authentication Token Failure

CVE-2022-48826 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
Microsoft Attributes Recent Microsoft 365 Outage to Authentication Token Failure - Microsoft confirmed a significant outage affecting its Microsoft 365 suite on March 3, 2025, linking the disruption to a critical failure in its authentication token system. While Microsoft assured users no data was compromised, the outage ...
1 week ago Cybersecuritynews.com
Microsoft links recent Microsoft 365 outage to buggy update - While Microsoft resolved the Microsoft 365 authentication problems over the weekend, another advisory published on the admin center states that Exchange Online users still have issues accessing their calendar entries and email messages using the iOS ...
1 week ago Bleepingcomputer.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
From Implicit to Authorization Code With PKCE, BFF - Lack of Refresh Token Support occurs when there are no refresh tokens, and frequent requests for new tokens are necessary, increasing the chances of token leakage and misuse. The Implicit Flow had several security vulnerabilities, such as token ...
8 months ago Feeds.dzone.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft 365 To Block Downloaded Excel XLL Add-Ins To Boost Security - Microsoft has recently announced that in order to help improve security, Microsoft 365 is now blocking the download of XLL add-ins for Excel on both Window PCs and Apple Macs. This new feature will be put into effect early 2021, affecting both Office ...
2 years ago Bleepingcomputer.com
Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000% - Deceptive actors are manipulating pool liquidity, sending token prices soaring by a shocking 22,000%. 80,000 Heist Unveiled: The manipulation of pool liquidity resulted in a swift and calculated theft of $80,000 from unsuspecting token holders. Check ...
1 year ago Blog.checkpoint.com
Microsoft 365 Outage Takes Down Teams, Exchange Online and Outlook - Microsoft experienced an outage on Tuesday, October 20th which caused major disruption to its Microsoft 365 service. It affected Teams, Exchange Online, and Outlook users and caused difficulty related to email sending and receiving, authenticating, ...
2 years ago Bleepingcomputer.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com
New Microsoft 365 outage impacts Teams, causes call failures - Over the weekend, Microsoft said it addressed another Microsoft 365 outage that affected Outlook and Exchange Online authentication and caused Teams and Power Platform degraded functionality. Redmond linked this weekend's incident ...
1 week ago Bleepingcomputer.com
Microsoft 365 Outage Caused by WAN Router IP Change - Recently, many users experienced an outage of Microsoft 365 services due to a WAN router IP change. The outage caused interruptions for some subscriptions, forcing users to wait for hours before accessing the services again. Users experienced ...
2 years ago Bleepingcomputer.com
Microsoft fixes Entra ID authentication issue caused by DNS change - "Between 17:18 UTC and 18:35 UTC on 25 February 2025, customers attempting to authenticate with Microsoft Entra ID using the Seamless SSO and Microsoft Entra Connect Sync features may have experienced DNS resolution failures when trying to access ...
2 weeks ago Bleepingcomputer.com
CVE-2024-50022 - In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in dax_set_mapping() pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise, vmf->address not aligned to fault_size will be aligned ...
4 months ago Tenable.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
11 months ago Techcommunity.microsoft.com
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
1 year ago Bleepingcomputer.com
CVE-2023-50713 - Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, ...
1 year ago Tenable.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
Microsoft: Outlook email sending issues for users with lots of folders - Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. According to Redmond, this is likely related to an older issue concerning mailboxes with more ...
1 year ago Bleepingcomputer.com
Kwik Trip finally confirms cyberattack was behind ongoing outage - Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9. This outage has been causing widespread IT system disruptions and is ...
1 year ago Bleepingcomputer.com
CVE-2021-32638 - Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token ...
2 years ago
Botnet targets Basic Auth in Microsoft 365 password spray attacks - SecurityScorecard also highlights that you may be able to see signs of the password-spray attacks in Entra ID logs, which will show increased login attempts for non-interactive logins, multiple failed login attempts from different IPs, and the ...
2 weeks ago Bleepingcomputer.com
Microsoft Services Down: Xbox, Azure, Teams, Office 365 Experiencing Technical Difficulties - Microsoft services including Xbox, Azure and Office 365 are reportedly down. Several Microsoft users have started to complain about technical difficulties online. Many of them have mentioned that they can no longer sign in to Xbox and other Microsoft ...
2 years ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)