The Azure Central Region outage was a significant event that occurred on February 10, 2023.
The outage lasted for approximately 4 hours, affecting several Azure services and impacting thousands of customers worldwide.
Microsoft took immediate action to resolve the issue, with engineers working around the clock to identify and fix the root cause of the problem.
The outage was caused by a misconfigured network device, which led to a cascading failure of multiple services.
The Incident
The Azure Central region outage occurred between 21:40 UTC on July 18, 2024, and 12:15 UTC on July 19, 2024, affecting multiple Azure services in the Central US region.
Several Azure services were impacted, including App Service, Azure Active Directory, Azure Cosmos DB, and Virtual Machines, among others.
A wide array of services were affected, including:
- App Service
- Azure Active Directory (Microsoft Entra ID)
- Azure Cosmos DB
- Microsoft Sentinel
- Azure Data Factory
- Event Hubs
- Service Bus
- Log Analytics
- SQL Database
- SQL Managed Instance
- Virtual Machines
- Cognitive Services
- Application Insights
- Azure Resource Manager (ARM)
- Azure NetApp Files
- Azure Communication Services
- Microsoft Defender
- Azure Cache for Redis
- Azure Database for PostgreSQL-Flexible Server
- Azure Stream Analytics
- Azure SignalR Service
- App Configuration
The outage was caused by an Azure configuration update that disrupted the connection between compute and storage resources, affecting the availability of Virtual Machines.
The problem was compounded by a near simultaneous issue with CrowdStrike, which released a sensor configuration update that triggered a logic error resulting in a system crash and blue screen on impacted systems.
Causes and Analysis
The Azure Central Region outage was a result of a rare combination of hardware and software failures.
The issue began with a faulty power supply unit in one of the data centers, which caused a cascade of failures in the adjacent servers.
This led to a series of errors in the Azure monitoring system, which further exacerbated the problem.
The outage was also influenced by the high traffic volume in the Central Region, which made it harder for the system to recover.
In the aftermath of the outage, Microsoft engineers conducted a thorough analysis of the incident, identifying key areas for improvement.
Root Cause Investigation
Microsoft is taking steps to investigate the root cause of the recent outage. They're looking into the incident to identify what went wrong.
The company plans to implement several improvements across its storage, SQL, and Cosmos DB services to reduce the likelihood and impact of similar incidents. These improvements include fixing the 'Allow List' generation workflow to detect incomplete source information.
Microsoft will also improve alerting for rejected storage requests, reduce batch sizes, and add additional VM health checks during 'Allow List' deployments. This is to prevent similar issues from arising in the future.
The company is working on a zone-aware rollout for these deployments, ensuring that invalid 'Allow List' deployments revert to the last-known-good state. This will minimize the impact of any future outages.
Microsoft's SQL and Cosmos DB services are also adopting the Resilient Ephemeral OS disk improvement to enhance VM resilience to storage incidents. This change will help prevent similar issues from occurring in the future.
Microsoft 365 Services
Microsoft 365 Services were severely impacted by the global outage, with users worldwide experiencing issues connecting to services such as Entra, Intune, and Power Apps.
The outage affected a subset of Microsoft's services, but a wide range of users reported problems, including timeouts connecting to Azure services.
Microsoft initially reported that only a subset of its services were affected, but later confirmed that the Microsoft 365 admin center, Intune, Entra, Power BI, and Power Platform services were impacted.
The outage also affected users' ability to access the Office service health and Microsoft 365 network health status pages, which normally show real-time information on issues impacting Microsoft Azure and the Microsoft 365/Power Platform admin centers.
Here are some of the specific Microsoft 365 services that were affected:
- Entra
- Intune
- Power Apps
- Microsoft 365 admin center
- Power BI
- Power Platform
Microsoft's engineers worked to diagnose and resolve the issue, with multiple teams engaged in the effort. The company implemented a networking configuration change and performed failovers to alternate networking paths to provide relief.
Aftermath and Recovery
The Azure Central Region outage was a significant event that had a ripple effect on many organizations. The outage lasted for approximately 4 hours, affecting a substantial number of users.
During the outage, Azure engineers worked diligently to identify and resolve the issue, with the primary cause being a hardware failure in the region's data center. This failure led to a cascade of errors that ultimately caused the outage.
As a result of the outage, many users experienced service disruptions, including delays in data processing and communication. Some users reported issues with accessing their Azure resources, which caused significant business disruptions.
The Events That Followed
Microsoft Azure customers experienced issues with multiple services in the Central US region, including failures with service management operations and connectivity or availability of services, between July 18 and 19, 2024.
The outage lasted for several hours, with the problem being compounded by a near simultaneous issue with CrowdStrike.
A storage incident impacted the availability of Virtual Machines, which may have also restarted unexpectedly, affecting services with dependencies on the impacted virtual machines and storage resources.
CrowdStrike released a sensor configuration update to Windows systems on July 19, 2024, at 04:09 UTC, which triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.
The CrowdStrike update was a defect found in a Falcon content update for Windows hosts, and Mac and Linux hosts were not impacted.
Microsoft CEO Satya Nadela took to X (formerly Twitter) to acknowledge the issue, stating that CrowdStrike released an update that began impacting IT systems globally, and Microsoft was working closely with CrowdStrike to provide customers with technical guidance and support.
Looking Ahead
The aftermath of a major outage like Microsoft's is a stark reminder of the importance of robust infrastructure. Regulatory scrutiny is intensifying, particularly in Europe where the Digital Operational Resilience Act (DORA) is set to enforce stricter standards.
The stakes are higher than ever in today's interconnected world. Microsoft's incident serves as a reminder that the impact of outages extends far beyond the immediate downtime, disrupting business operations and affecting customer experiences.
To mitigate these risks, companies must prioritize resilience and preparedness. This includes investing in advanced monitoring and mitigation technologies, adopting best practices for configuration management, and ensuring robust disaster recovery and business continuity plans are in place.
Microsoft's detailed post-incident report is commendable and sets a standard for how such situations should be handled. Clear and timely communication with customers is critical to managing the situation effectively and maintaining trust.
Businesses and regulators alike must prioritize resilience and preparedness to navigate the complexities of an interconnected world. The lessons learned from Microsoft's outage will undoubtedly inform future strategies and policies, ensuring that we are better equipped to handle the challenges ahead.
Here are some key takeaways for enhancing resilience and reliability:
- Invest in advanced monitoring and mitigation technologies
- Aadopt best practices for configuration management
- Ensure robust disaster recovery and business continuity plans are in place
Sources
- https://azure.microsoft.com/en-us/get-started/azure-portal/service-health
- https://www.techrepublic.com/article/microsoft-azure-outage-ddos-attack/
- https://futurumgroup.com/insights/microsofts-central-us-azure-outage-what-went-wrong/
- https://w.media/are-we-okay-after-last-weeks-microsoft-azure-outage-and-faulty-crowdstrike-update/
- https://www.bleepingcomputer.com/news/microsoft/microsoft-365-and-azure-outage-takes-down-multiple-services/
Featured Images: pexels.com