[outages] Office365 issues
Mel Beckman
mel at beckman.org
Fri Nov 15 10:37:42 EST 2024
We had several users this morning whose o365 accounts were locked. Upon inspection we determined that brute force attacks had caused OWA to autolock the accounts. Unfortunately, this also locks the accounts in A.D., so it is a kind of DOS attack.
We unlocked the affected accounts, but the locks eventually were reasserted. Talking with MS support there appears to be no easy defense against this kind of attack unless you’re able to whitelist specific public IP addresses for OWA users. We can’t, as OWA typically is used by traveling staff coming from arbitrary public IPs. We are looking into Geo filtering as a mitigating measure. However, the attacks all seem to be originating from the Google Cloud. Perhaps we can implement conditional access policies to add more protection.
We have three-factor authentication, and no MFA challenges occurred, so we’re confident the attackers didn’t have any usable passwords.
I just checked the status portal link you provided, and I can confirm that that doesn’t load for us either. Right now we don’t have any locked accounts, and users seem to be able to access normally.
-mel via cell
On Nov 15, 2024, at 6:47 AM, Bruce Freshwater via Outages <outages at outages.org> wrote:
Any aware of any ongoing issues with o365? I can't get the page to download the desktop version of o365 apps to load. A user changed his password and can login to o365 on the web, but outlook/onenote/etc. on his desktop won't sign him in, they just load indefinitely after he enters his new password. Teams and Onedrive are working for him though.
Also Status page isn’t loading fully: https://portal.office.com/servicestatus
Regards,
Bruce Freshwater
Direct: 412.722.1701
Mobile: 412.292.0282
Main: 866.707.5869
Fax: 412.774.2469
Email: BFreshwater at SierraExperts.com<mailto:BFreshwater at SierraExperts.com>
Request Help: Support Portal (SIM)<sim.sierraincidentmanager.com>
Sierra Experts
<image001.png>
2 Robinson Plaza, Suite 300, Pittsburgh, PA 15205-1017
Our Services: Managed Services<http://www.sierraexperts.com/managed-services/> | Development & Design<https://www.sierraexperts.com/software-development/> | Telephony & VoIP<http://www.sierraexperts.com/telephony-and-voip/> | Hardware & Software<http://www.sierraexperts.com/hardware-and-software/> | Data Center<http://sierradatacenters.com/>
Stay Connected: Website<http://www.sierraexperts.com/> | Awards<https://www.sierraexperts.com/about-us/> | Facebook<https://www.facebook.com/SierraExperts> | X<https://twitter.com/sierraexperts> | LinkedIn<https://www.linkedin.com/company/sierra-w-o-wires> | Blog<http://www.sierraexperts.com/about-us/blog/>
<image002.png>
<https://www.sierraexperts.com/2024-top-managed-service-provider/?utm_source=outlook&utm_medium=email&utm_campaign=press-release&utm_content=2024-channel-futures-msp-501>
<image003.png>
_______________________________________________
Outages mailing list
Outages at outages.org
https://puck.nether.net/mailman/listinfo/outages
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20241115/f8019a16/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 485 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/outages/attachments/20241115/f8019a16/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 45389 bytes
Desc: image002.png
URL: <https://puck.nether.net/pipermail/outages/attachments/20241115/f8019a16/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 93405 bytes
Desc: image003.png
URL: <https://puck.nether.net/pipermail/outages/attachments/20241115/f8019a16/attachment-0005.png>
More information about the Outages
mailing list