On June 5, 2023, Microsoft experienced a widespread outage impacting various Microsoft 365 services. Initially reported as a barrage of duplicate Exchange Online health status emails, the issue extended beyond Exchange and affected most Microsoft Office 365 services. The incidents were identified as EX571516 and MO571683.
Contents
EX571516:
This incident initially affected some users’ access to Outlook on the web and caused issues with other Exchange Online services. However, it soon became evident that the problem was more extensive than initially thought.
MO571683:
Microsoft later recognized that the issue had a broader impact, leading to the creation of Incident MO571683. This incident indicated that multiple Microsoft 365 services and features were affected.
The outage was detected proactively by Exoprise sensors, which signaled the problem around 10:22 AM. The sensors had identified issues with Microsoft Graph OneDrive, with synthetic actions being canceled and service unavailability reported. These early detections occurred approximately two hours before Microsoft officially reported the outage.
The Exoprise dashboard displayed the outage’s progression across various sensors, Twitter feeds, and Microsoft service status updates. This demonstrated the widespread impact of the outage and its effects on the global user base.
Multiple Microsoft 365 services were affected, including Microsoft Teams, SharePoint Online, OneDrive for Business, and Outlook. Users experienced difficulties with scheduling meetings, loading profiles, accessing files, creating teams and channels, installing apps, conducting searches, and more.
Microsoft took action to address the issue, including reverting a recent change, leading to significant improvements in service availability. Users confirmed that the problem no longer persisted. The scope of impact was specific to users routed through the affected infrastructure.
The final status update indicated that the issue had been resolved after restarts were completed to address residual impact. Microsoft continued to investigate the root cause of the impact and planned to publish a post-incident report within five business days.
In the subsequent post-incident report, Microsoft identified the root cause as a Distributed Denial of Service (DDoS) attack, which led to anomalous spikes in HTTP requests. These spikes bypassed existing preventative measures, causing the front-end components of Microsoft 365 to perform below acceptable thresholds. This impact affected various features, including Outlook on the web, REST, and Search functionality.
More Article:
