Microsoft Teams, a widely-used collaboration platform, experienced a major outage on Friday, causing disruptions to services for users around the world. The outage, which began at around 11 a.m. Eastern Time, resulted in access issues and functionality limitations for many users. These included delays in message delivery and problems with graphic display.
The issue escalated quickly, with frustrated users expressing their dissatisfaction with the service disruptions. Microsoft acknowledged the problem on X (formerly Twitter), referring to a networking issue impacting a portion of the Teams service. To mitigate the problem, the company initiated a transition to backup systems.
By 1:30 p.m. Eastern Time, Microsoft reported that the backup transition for Europe, Africa, and the Middle East was completed, leading to improvements. However, the backup switchovers for the North and South American regions were still in progress. Reports of the outage declined by 3 p.m. Eastern Time according to DownDetector data.
According to DownDetector, 67% of the reported issues were related to the Microsoft Teams app, 25% were service connection problems, and 8% were website-related. Users faced difficulties using the service, such as delays in messaging and graphic display issues.
Despite Microsoft’s efforts to address the problem swiftly, users in the US continued to express their dissatisfaction, with some sarcastically thanking the company for resolving the issue in regions where the workday had already ended. Microsoft acknowledged that the switchover did not immediately resolve all issues for users in North and South America but emphasized ongoing mitigation efforts.
Users encountering the issue saw error messages stating, We’ve run into a server error. Some functions might not work right now, but you can continue to use the app. Additionally, users attempting a cold boot experienced login issues, and unlocking devices displayed missing messages.
Microsoft provided updates through its incident report (TM710344) in the Microsoft 365 admin center, citing a networking issue impacting a portion of the database infrastructure. The company assured users that they were continuously investigating to isolate the cause and implement remediation actions.
In an update posted on X at 13:28 EST on January 26, Microsoft reported that ongoing failovers for North and South America were being closely monitored. They stated, We’ve completed the failover in the EMEA region, and service telemetry is showing some improvement. The failovers for the North and South America regions are ongoing, and we continue to monitor.
Separately, Microsoft confirmed that the Russian hacking group Midnight Blizzard, associated with the Russian Foreign Intelligence Service (SVR), had targeted various organizations beyond Microsoft as part of a malicious campaign. The group, also known as APT29 or Nobelium, typically focuses on government bodies, NGOs, software developers, and IT service providers in the US and Europe.
In November 2023, the group breached Microsoft’s systems and gained access to emails from leadership, cybersecurity, and legal teams. Microsoft revealed that the threat actors employed residential proxies and password spraying techniques, targeting accounts, including a legacy test tenant account lacking multi-factor authentication (MFA). The compromised account had access to an OAuth application with elevated privileges, enabling the attackers to create additional malicious OAuth apps and gain access to other corporate mailboxes.
Microsoft identified the malicious activity through Exchange Web Services logs and discovered similar tactics used by Russian state-sponsored hacking groups. The company is now notifying other targeted organizations based on insights gained from its investigation into Midnight Blizzard’s activities, urging vigilance and awareness of the ongoing threat.