Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Thousands Couldn’t Login to Office 365 – What Would You Do if You Were Out of Business?

April 10, 2018

Computer Business Review (and many others) reported on April 6th that Microsoft Office 365 was out of action for thousands of users around the world.

"We've determined that an authentication issue is preventing users from accessing the Office365 service. This issue is limited [sic] to the APAC, Japan and EMEA regions and we're working to resolve it," Microsoft said in a status update.

Pete Banham, cyber resilience expert at Mimecast, commented: "Microsoft Office 365 was hit with major downtime on Friday, with customers around the world unable to access their services or admin portals. An operational dependency on the Microsoft environment creates business risks that need be addressed."

He added: "Anyone outsourcing a critical service like email needs to consider who will suffer most from reputational damage, internal operational issues and financial loss. Mimecast is urging organisations to consider a cyber resilience strategy that assures the ability to recover and continue with business as usual."

Microsoft announced later that it had fixed the authentication problem. A statement posted on the Office 365 status Twitter account said: "We've resolved the authentication issue that was preventing users from signing into the Office 365 service. We're monitoring the environment to validate that service is restored for all users."

Microsoft later said, "We've completed all recovery actions related to MO133518 and this issue is fully resolved as of Friday, April 6, 2018, at 11:30 AM UTC. Thanks to everyone who confirmed service restoration."

After that it issued two more updates: one at 5.42am EDT which said it is working on "to resolve an Office 365 portal access issue," and another at 6.09am EDT to say that it is "analyzing diagnostic data to isolate the root cause of the Office 365 portal access issue".

In a world where law firms and many other organizations are moving to Office 365, this was a wake-up call to many. What do you do when Office 365 is unavailable to you? This was a new thought for many, and an unsettling one.

Unfortunately, the outage came hours after Microsoft, looking very good indeed, announced the introduction of new, advanced protection capabilities for Office 365 Home and Office 365 Personal versions, with two new capabilities: Files Restore and Ransomware detection and recovery.

Some of these tools, like the 30-day OneDrive backup feature Files Restore, were brought over from the Business version to Home and Personal Office 365. The suite can now detect ransomware attacks and guide users through the recovery process, which pinpoints the time and date of the incident and restores OneDrive to its state before that.

The tools also cover sharing files between users. You can set and require a password to access a shared OneDrive file or folder, which protects it if the link to the document is inadvertently forwarded. Additionally, starting later in 2018, links clicked on in Word, Excel, and PowerPoint will be checked in real-time to find whether the destination website will likely download malware or be part of a phishing scam.

The new security features extend to outgoing messages. Outlook.com now offers end-to-end email encryption, which includes security mechanisms on the recipient's end. If they aren't opening the message in Outlook's browser login, mobile app or Windows Mail, they'll be directed to a trusted Office 365 web page to receive a one-time passcode. And at last, you can prevent recipients from forwarding or copying emails sent from Outlook.com, a feature that encrypts messages even after downloading.

If you are already on the Business version as a law firm, you have all these security measures, but it is nice to see them in the Home and Personal Versions.

So it was a good week and a bad week, all in one. Timing is everything.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Thousands Couldn’t Login to Office 365 – What Would You Do if You Were Out of Business?

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer