Affected products include Office 365 and Microsoft Azure, with customers unable to login to either service with MFA. The login issue is occurring because users are not receiving authentication requests via SMS messages or via a phone call while using the authenticator app.
For its part, Microsoft is at least providing updates to customers from multiple fronts to keep them abreast of what’s going on. The company’s Azure status page claims:
Customers in North America experienced issues with completing MFA challenges from approximately 6:30 AM PST until 9:00 AM PST. As of now, Our telemetry and customers feedback indicates the issue is mitigated. We are closely monitoring the situation to ensure this does not recur. We are aware of how critical MFA is to your business and security, and are maintaining focus on this issue.
"We're continuing to investigate log data to better understand what caused this issue and to validate which recovery measures we took restored service functionality," wrote Microsoft in a Microsoft 365 health status update. "Additionally, our telemetry indicates that this issue was specific to users located in the North America region."
Indeed, DownDetector is showing widespread outages across the United States, with particularly strong concentrated in the Northeast.
At this time, Microsoft does not have a timetable for when its multi-factor authentication will be back up and operational for customers, but we'll update this piece when all systems are in the "green".