Today, Jan. 13, 2025, Microsoft reported a problem with its Multi-Factor Authentication (MFA) system, causing inconvenience for Microsoft 365 users. Some have experienced difficulty logging in due to MFA malfunctions. Microsoft has redirected the affected traffic and is gradually restoring full uptime.
This incident highlights the crucial importance of MFA in protecting accounts. Despite its effectiveness in blocking over 99 percent of identity-based attacks, MFA is not without its problems. In December 2024, a vulnerability in Azure’s MFA allowed attackers to bypass authentication under certain conditions, which was later fixed by Microsoft.
With MFA becoming mandatory for all Microsoft 365 admin center administrators as of Feb. 3, 2025, it is critical that organizations implement contingency plans to address any disruptions. It is recommended that alternative authentication methods be enabled and suspicious activity be monitored during such periods.
This event serves as a reminder to regularly review MFA configurations, identify and address potential vulnerabilities, and ensure business continuity even in the event of disruptions.