Microsoft has a bad month

DDoS attack follows CrowdStrike debacle and misconfiguration

After Microsoft was already a victim of the CrowdStrike update in the middle of the month, a DDoS attack has now been added to the mix, which has succeeded despite protection mechanisms that were apparently not configured correctly.

Apparently the protective function used has intensified the attack instead of weakening it - as was probably intended... when it rains, it pours.

Some Azure services were affected, including the portal itself and some components of Microsoft 365.

After manual intervention, the situation calmed down again after ~ 8 hours. The incident comes at a quite inconvenient time for Microsoft, as Microsoft was already called out two weeks ago due to the CrowdStrike debacle. This not quite successful defense is now once again demonstrating weaknesses in Redmond when it comes to reliability.