A colleague of mine recently solved one of the biggest pain points I have dealt with regarding Office365 – that is, Microsoft’s seemingly hit-or-miss modern authentication.

Symptoms look like this:
1. Outlook client can’t connect and/or authenticate for end-users
2. Turning on Azure MFA for an end-user ruins their life (and yours) because all office applications, teams, etc. break.
3. Admins have an impending sense of “dread” when setting up systems for new users because 80% of the time they are going to spend hours sorting out the above issues.
4. You call Microsoft Support complaining of these issues and they are eventually stumped and tell you to rebuild the desktop/laptop from scratch… great for end-users that deal with this issue 1 year into the job and rather like their systems as-is… -or- MS Support tells you to pop a registry key into the end-user’s system which just disables Modern Authentication all together – which may fix Outlook but leaves many many other things broken…
(more…)

Got into the office this morning and immediately started the scramble because of reports from several users that Microsoft Office365 TEAMS was not working (a key communication app for us and many other businesses).

Microsoft officially had no outages reported when I looked ~8:50 AM EST. So I think this is very fresh. Teams is currently only working on mobile devices for us. If you look at DownDetector.com (here: https://downdetector.com/status/teams/) the chart is telling. 0 reports of issues until around 8:20 AM they start trickling in, 7k+ reported issues by 9:30 AM.

Looks like Microsoft isn’t having a great start to the week. Back to phone calls and emails for now… If you can swing TEAMS on your mobile device though, thankfully that still works.

Side note, the WEB Application is unfortunately ALSO not working in our testing.

Confirmed from another news source… Microsoft IS having issues this morning:
https://www.onmsft.com/news/microsoft-teams-is-down-this-morning-the-company-is-investigating

Microsoft’s Twitter Feed for Office365 status can be seen here:
https://twitter.com/msft365status

If you have access to your office365 Admin portal, you can also see active issues here:
https://portal.office.com/adminportal/home#/servicehealth

Currently they show a TEAMS Service Degradation – “Can’t access Microsoft Teams” – reported/logged at 9:11 AM EST… the issue actually started around 8:20 AM EST based on reports in Down Detector.

Here is the explanation for the issue per what O365 Admins can see:

Current status: We’ve determined that an authentication certificate has expired causing users who have logged out and those that are still logged in to have issue using the service. We’re developing a fix to apply a new authentication certificate to the service which will remediate impact.

Scope of impact: This issue may potentially affect any of your users attempting to access Microsoft Teams.”


Auth certificate expiration… seriously 🙁

UPDATE/Correction:

The actual ticket states that the issue started at 8:15 AM EST. The ticket was LOGGED around 9:11 AM EST.

This will (hopefully) be brief…

Here is the Scenario:

  • You have deployed Office365
  • You have an on-prem Domain Controller (hopefully more than one!)
  • You are using Azure AD Connect 1.1 or greater, (which is installed on one of your domain controllers)
  • You create or manage user accounts using your on-prem domain controllers
  • Whenever you create a new user or make a change in AD you have to wait around (up to 30 minutes) for Office365 to reflect the change

In previous version of AAD Connect there was a Windows Scheduled task that would periodically sync AD data to Office365.

In later/latest versions of the tool there is now a scheduling engine that is part of the tool which is set to do a “delta” sync (only updates/changes) every 30 minutes.

When you are working though you might not want to wait around 30 minutes.
(more…)