Microsoft outage: Customers coming back online after morning woes

There’s fresh grief for Microsoft on the heels of its CrowdStrike chaos.

Many New Zealand customers could not access Outlook and Teams this morning. Down Detector had 3200 reports of Microsoft outages around New Zealand at about 8.30am. By around 9.45am, customers across multiple organisations said services were coming back online.

The trouble came just hours after Microsoft suffered global problems due to a cyber attack.

A Microsoft spokeswoman told the Herald at 10.30am: “Microsoft is still investigating at this stage. We do have confirmation it’s not related to the previous DDoS attack, as it is only affecting New Zealand.”

On social media, the company said shortly before 2pm, “We confirmed with previously affected customers and through our internal telemetry that Microsoft 365 services in New Zealand are fully recovered.” The company has yet to comment on the cause.

Although Down Detector had a surge of Microsoft 365 outage reports at 8.30am as people arrived in offices, Microsoft first flagged a potential issue to corporate customers in a 2.05am update, in which it said it was investigating “a potential issue with general access or latency [lag] issues with Microsoft 365 issues”.

Spark and 2degrees said a number of their customers were affected. One NZ said no customers on its network were affected.

DDoS attack

On Wednesday, Microsoft suffered around 10 hours of global disruption.

The company said the “initial trigger event” for the outages was a distributed denial of service (DDoS) attack – a spike in usage caused by millions of bots controlled by a hacker, flooding a service with traffic until it can no longer cope.

Data is not put at risk during a DDoS attack, but the spike in connection requests effectively blocks services to others. Security experts have likened it to sheep blocking a road.

Microsoft said a configuration error in the rollout of its own defences to prevent the attack “amplified the impact of the attack rather than mitigating it”.

On July 23, a faulty update with CrowdStrike’s cybersecurity software threw some 8.5 million PCs running Microsoft Windows into the “Blue Screen of Death”.

Although accounting for less than 1% of Microsoft customers, many affected clients were in banks, airlines, and other critical services.

Microsoft is close to completing a giant “hyper-scale” data centre in Auckland’s northwest. It will be the first time the tech giant has had one of its cloud “server farms” located in New Zealand. It is not yet operational.