Hindsight: What Happened With Azure Active Directory This Week?

To quote the infamous line from Paul Newman’s 1967 classic, Cool Hand Luke, “What we have here, is a failure to communicate.”

On March 15th, Microsoft users globally found themselves unable to use a wide range of services including Teams, Exchange, M365, and even Xbox.  It was not an issue with those services directly but the service that allows those applications to authenticate users and devices:  Azure Active Directory.

Azure Active Directory (Azure AD) is an authentication service that validates users and objects in order to grant access to other applications and services.  For example, a user logs into a user account managed by Azure AD.  After a user is successfully validated, the systems will grant access to any application the user account has been given permission.

If Azure AD can not authenticate users or other objects, the communication between them is blocked and access is restricted.

Microsoft summarized the root cause of the outage on March 15th as “an error [that] occurred in the rotation of keys used to support Azure AD’s use of OpenID, and other, Identity standard protocols for cryptographic signing operations.  As part of standard security hygiene, an automated system, on a time-based schedule, removes keys that are no longer in use. Over the last few weeks, a particular key was marked as “retain” for longer than normal to support a complex cross-cloud migration. This exposed a bug where the automation incorrectly ignored that “retain” state, leading it to remove that particular key.”[1]

Microsoft was successful in rolling back recent updates to their Azure AD services but not before some customers felt the pain for almost 14 hours.

The impact appears focused on Microsoft applications and services.  No reports of outages reported by those using Azure AD for tenant-based domain authentication.  This is where customers utilize Azure AD to authenticate access into their internal systems.

Unfortunately, there is not a way a customer can mitigate against internal Microsoft outages, but it does give warning to those who do use Microsoft AD as a primary or secondary method of authentication.

Microsoft Active Directory is based on a distributed model in which multiple Directory Controllers synchronize user accounts to validate users.  To mitigate exposure to customer tenant Microsoft AD services becoming inaccessible, it is recommended that companies always deploy a secondary Directory Controller outside Microsoft’s environment.   This would include onsite deployment or in another hyper-scale cloud such as AWS.

Microsoft has reported several outages at some level over the last year.  If you’re concerned about possible outages affecting your clients, contact your Solution Engineer to review suppliers that can help set up Azure AD disaster recovery options.

[1] “Azure Status History,” Azure.Com, last modified 2021, accessed March 16, 2021, https://status.azure.com/en-us/status/history/. For possible outages affecting your clients, contact your Solution Engineer to review suppliers that can help setup Azure AD disaster recovery options.

Blogs, Announcements, & Press

Quick Links

ScanSource

Intelisys University

MyIntelisys

Privacy Policy

California Consumer Privacy Statement

Get In Touch

Phone: 800.615.8330
Email: intel_info@scansource.com

Press Inquiries:
Natalyn Klump
Public Relations Manager
natalyn.klump@scansource.com
864.286.4420

Facebook Youtube Linkedin Instagram

Ken Mills

President

Ken Mills serves as President of Intelisys and is committed to driving growth for Intelisys and our partners. As a distinguished technology executive with over two decades of experience, Ken has previously held leadership roles at EPIC iO, Dell Technologies and Cisco, and served as a fellow with the U.S. Department of State. His strategic mindset has been an integral part of launching innovative products and solutions in the fields of AI, IoT, and 5G. Ken is driven by his curiosity and passion for groundbreaking technology and complex problems, and constantly explores new frontiers in the world of technology.

Monica Lutes

Manager, People & Culture, ScanSource, Inc. and Intelisys

As Manager, People & Culture, Monica has worked closely with Intelisys employees and leaders since 2018 and has worked with ScanSource companies since 2016. A Human Resources professional with 11 years of experience encompassing all areas of HR, especially employee relations, recruiting, compliance, and training, Monica approaches her role as Manager, People & Culture from a consultative perspective. Her goal is to provide advice and guidance to leaders so they can focus on growing the best teams for the business while also supporting employees’ goals.

Ansley Hoke

SVP Marketing, ScanSource, Inc. and Intelisys

Ansley Hoke is the Senior Vice President of Marketing at ScanSource, Inc., a role she has held since 2019, and extended her leadership to include Intelisys in 2023. She joined the company in 2001, serving in merchandising leadership roles for ScanSource POS and Barcode, including acting Vice President of Merchandising and then later VP of Merchandising for ScanSource Catalyst and overall VP of ScanSource Catalyst. She oversaw sales, supplier relations, and services. Known for her pivotal role in creating effective marketing strategies, Ansley has been integral in driving demand, enhancing partner programs, and significantly contributing to the company’s revenue growth and channel relationships.

Mike Baur

CEO of ScanSource, Inc. and Interim President of Intelisys

Mike Baur serves as Chairman and Chief Executive Officer at ScanSource. Mike has served as the Company’s President or CEO since its inception, as a director since December 1995, and as Chairman of the Board since February 2019. Mike has developed a deep institutional knowledge and perspective regarding ScanSource’s strengths, challenges and opportunities. He has more than 30 years of experience in the IT industry, having served in various leadership and senior management roles in the technology and distribution industries before joining ScanSource. Mike brings strong leadership, entrepreneurial, business building and development skills and experience to the Board.

Stephanie Bouras

Regional Vice President, Southeast

Driven by a partner-first philosophy and a passion for innovation, Bouras embodies a leadership style that’s both compassionate and data-driven. As the Regional Vice President, Southeast, at Intelisys, she’s leveraged her extensive marketing and sales experience to propel her team to new heights. A firm believer in aligning herself with her partners, she sees herself as a collaborator and an integral part of their business. This perspective has allowed her to forge deep connections and drive success. A Florida native, Stephanie’s attention to detail and unwavering commitment to her partners have been key factors in her success.

Michael Raspanti

Regional Vice President, Northeast

Michael joined Intelisys in June of 2020, as a long-time channel veteran. He is responsible for leading the Northeast Region, helping continue the tremendous momentum in one of our strongest markets while also recruiting new up and coming partners that will be the growth engine of our future success.

Kristy Thomas

Vice President, Partner Experience and Enablement

Thomas is responsible for Sales Partner enablement and education for all our technology segments, including CX, managed security, mobility, and connectivity. With over 20 years of executive background in telephony, UCaaS, CCaaS and Cloud services, Kristy enables her customers to think broader and deeper as she guides them through their decision journey. Some of the biggest deals in the channel have become a reality thanks to the expertise and humble excellence Kristy brings to her client’s projects.