Full Report
Microsoft is investigating an outage that blocks some administrators with business or enterprise subscriptions from accessing the Microsoft 365 admin center. [...]
Analysis Summary
# Incident Report: Microsoft 365 Admin Center Access Degradation
## Executive Summary
Microsoft is currently investigating a service degradation impacting the Microsoft 365 admin center, primarily affecting administrators with business or enterprise subscriptions in the North America region. The incident blocks access to the admin center for some administrators, degrades functionality for those who can connect, and prevents them from raising support tickets or using the M365 app. Microsoft is actively collecting telemetry to isolate the root cause and develop a remediation plan.
## Incident Details
- Discovery Date: February 10, 2026 (Initial reporting time)
- Incident Date: February 10, 2026 (Began prior to acknowledgment)
- Affected Organization: Microsoft Tenants (Business/Enterprise Subscriptions)
- Sector: Cloud Services / SaaS
- Geography: North America
## Timeline of Events
### Initial Access
- Date/Time: Undetermined (Service degradation began prior to acknowledgment)
- Vector: Not applicable (Service outage/Internal infrastructure issue, not external malicious intrusion)
- Details: Users began reporting connection problems and extremely slow performance accessing the Microsoft 365 admin center.
### Lateral Movement
- **N/A**: This incident is characterized as a service outage, not a cyber intrusion requiring lateral movement.
### Data Exfiltration/Impact
- **N/A**: No evidence of data exfiltration; impact is operational (denial of access to management tools).
### Detection & Response
- **Detection**: The issue was detected via internal service monitoring telemetry and external user reports (via DownDetector).
- **Response**: Microsoft acknowledged the issue, began investigating telemetry to isolate the root cause, and began developing a remediation plan. Support ticket submission via the admin center is also degraded.
## Attack Methodology
- **Initial Access**: Not Applicable (Service Incident)
- **Persistence**: Not Applicable
- **Privilege Escalation**: Not Applicable
- **Defense Evasion**: Not Applicable
- **Credential Access**: Not Applicable
- **Discovery**: Not Applicable
- **Lateral Movement**: Not Applicable
- **Collection**: Not Applicable
- **Exfiltration**: Not Applicable
- **Impact**: Service Degradation/Denial of Access to critical administrative tools.
## Impact Assessment
- **Financial**: Not disclosed, but potentially high due to productivity loss for administrators managing large enterprise environments.
- **Data Breach**: None indicated.
- **Operational**: Significant disruption for administrators, including inability to access the M365 admin center, degraded functionality within the portal, and inability to raise new support tickets. The M365 app is also reported to be affected.
- **Reputational**: Moderate, as it is tracked publicly on service health dashboards and third-party sites.
## Indicators of Compromise
- **Network indicators (defanged)**: Service monitoring telemetry points related to admin center connectivity.
- **File indicators**: None identified (Service issue).
- **Behavioral indicators**: High volume of failed connection attempts or timeouts reported by users attempting to access `admin.microsoft.com`.
## Response Actions
- **Containment measures**: Microsoft is actively reviewing service monitoring telemetry to isolate the root cause.
- **Eradication steps**: Remediation plan development is underway.
- **Recovery actions**: Restoring full functionality to the M365 admin center and M365 app services in the affected region.
## Lessons Learned
- **Key takeaways**: Reliance on centralized management infrastructure (the admin center) means the failure of this single component can severely hamper administrative response capabilities, even preventing ticket submission for remediation.
- **What could have been done better**: The report states only that the investigation is still ongoing, which implies that root cause isolation could have been faster.
## Recommendations
- **Prevention measures for similar incidents**: Ensure secondary or out-of-band access mechanisms (e.g., direct API access, dedicated emergency portals) are available for administrators when the primary management interface experiences degradation. Conduct periodic reviews of service dependency chains to identify single points of failure in administrative tooling.