Full Report
Microsoft is investigating an ongoing DNS outage affecting customers worldwide, preventing them from accessing Microsoft Azure and Microsoft 365 services. [...]
Analysis Summary
# Incident Report: Global DNS Outage Affecting Azure and Microsoft 365
## Executive Summary
Microsoft is currently investigating a large-scale, ongoing DNS outage that began around 16:00 UTC, leading to significant worldwide availability degradation for customers attempting to access Microsoft Azure and Microsoft 365 services. The incident, attributed to DNS issues, has caused widespread connection failures, latency, and authentication problems across numerous integrated services like the Azure Portal, Intune, and Exchange Admin Center. Response actions are underway, focusing on diagnosing and resolving the root cause of the core DNS failure.
## Incident Details
- **Discovery Date:** October 29, 2025 (Identified around 16:00 UTC)
- **Incident Date:** October 29, 2025 (~16:00 UTC)
- **Affected Organization:** Microsoft (Azure, Microsoft 365 Customers)
- **Sector:** Cloud Services, Technology
- **Geography:** Worldwide
## Timeline of Events
### Initial Access
- **Date/Time:** Approximately 16:00 UTC
- **Vector:** Service Disruption (Internal DNS Failure/Misconfiguration)
- **Details:** Microsoft began experiencing DNS issues resulting in extensive availability degradation for critical services.
### Lateral Movement
*Not applicable, as the incident appears to stem from a core infrastructure service failure (DNS) rather than a malicious external intrusion or traditional lateral movement across customer environments.*
### Data Exfiltration/Impact
*No data exfiltration was reported; the impact was primarily operational availability.*
### Detection & Response
- **Detection:** Detected internally by Microsoft service monitoring and externally via customer reports on platforms like DownDetector and social media networks (Reddit).
- **Response Actions:** Microsoft acknowledged the issue, stated that it was reviewing service telemetry to isolate the cause, and said it had taken action expected to address the Azure Portal access issues shortly.
## Attack Methodology
*Note: Based on the provided text, this incident is characterized as an **Infrastructure Failure/Outage**, not a typical cyberattack. The following sections reflect the nature of the disclosed issue.*
- **Initial Access:** Internal Service Degradation (DNS Issues).
- **Persistence:** N/A
- **Privilege Escalation:** N/A
- **Defense Evasion:** N/A
- **Credential Access:** N/A
- **Discovery:** N/A
- **Lateral Movement:** N/A
- **Collection:** N/A
- **Exfiltration:** N/A
- **Impact:** Service Unavailability and Latency due to DNS resolution failures.
## Impact Assessment
- **Financial:** Not specified, but implied to be significant given the global service interruption.
- **Data Breach:** None reported.
- **Operational:** High impact; worldwide denial of service for Azure Portal, M365 services (Intune, Exchange Admin Center), Azure Front Door CDN, and customer authentication services. Tens of thousands of users experienced intermittent request failures and latency.
- **Reputational:** Negative impact due to widespread, high-profile service outages affecting critical organizational functions (e.g., healthcare providers).
## Indicators of Compromise
*As this is reported as a service outage rather than a targeted attack, traditional IOCs are not provided. Indicators focus on service disruption:*
- **Network Indicators (Defanged):** Failed DNS resolution queries for Azure/M365 endpoints.
- **File Indicators:** N/A
- **Behavioral Indicators:** Intermittent request failures, high latency accessing Azure/M365 URLs, authentication service unavailability.
## Response Actions
- **Containment:** Microsoft stated they "have taken action that is expected to address the portal access issues here shortly."
- **Eradication:** Focused on troubleshooting and restoring healthy DNS resolution paths.
- **Recovery:** Pending full restoration of all affected services (Azure, M365 Admin Center, Intune, etc.).
## Lessons Learned
- Reliability failures in core infrastructure components like DNS can have an immediate and catastrophic global impact across disparate cloud services.
- When access to critical administrative portals depends on internal DNS resolution, that dependency becomes a single point of failure for rapid remediation.
## Recommendations
- Implement enhanced redundancy and failover mechanisms specifically for the internal DNS resolution pathways serving critical cloud platforms, to mitigate single points of failure.
- Improve internal correlation of service telemetry alerts with external customer reports to shorten initial diagnosis time during infrastructure incidents.