Outages can be extremely detrimental to business operations which is why Microsoft has announced that it will extend its “outage mode” in Azure to cover both web-based and desktop applications.
Azure Active Directory (Azure AD) is the software giant's cloud directory responsible for handling authentication for Office 365 though it can also be linked to on-premises Active Directory. However, when it goes down, Microsoft customers are unable to access the Azure Portal to manage their cloud services.
Last year the software giant updated the SLA for Azure AD to 99.99 percent uptime from 99.9 percent and one of the ways it was able to do this is through a backup authentication service that replicates authentication data during normal operations. If Azure AD should fail due to a network disruption or other problem, the service transitions to “outage mode” where it is able to check requests and provide tokens to clients so they can continue working.
This backup authentication service has been available in Microsoft Outlook and SharePoint Online since 2019 and now the company will extend it to all native Microsoft apps including Office 365 and Microsoft Teams as well as third-party and customer-owned applications running natively on an organization's devices.
Improved resiliency to outages
According to a new blog post from Microsoft, when a failure of the Azure AD primary service is detected, the backup authentication service automatically engages which allows a user's applications to keep working. However, as the primary service recovers, authentication requests are re-routed back to the primary Azure AD service
In normal mode, the backup service stores essential authentication data and successful authentication responses from Azure AD to dependent apps generate session-specific data. This data is securely stored by the backup service for up to three days.
In outage mode though, any time an authentication request fails unexpectedly, the Azure AD gateway automatically routes it to the backup service. Requests are then authenticated, artifacts such as refresh tokens and session cookies are verified as valid and Azure AD looks for a strict session match in the previously stored data.
While Azure AD will now be more resilient to outages, keep in mind that you won't be able to login to your work apps after purchasing a new business laptop or workstation as outage mode will only work on your existing devices.
Via The Register