All deployments: Azure Conditional Access Authentication failures
Incident Report for Duo
Postmortem

Azure Conditional Access Failure - All Deployments

Incident Report - 2020/06/04

Summary:

From 13:30 EDT to 14:49 EDT on June 4, 2020, all Duo deployments experienced authentication failures when authenticating via Azure Conditional Access (CA). During this timeframe, 13,471 authentication requests failed. The Duo Engineering Team resolved the issue and restored service at 14:49 EDT.

Details:

At 13:30 EDT, an automated task to perform routine maintenance was started. At 14:20 EDT, the validation step of the automated task returned a false positive that caused the Azure Conditional Access service to attempt to start with an invalid configuration. The Duo Engineering Team was immediately alerted to the issue via automated alerts.

By 14:27 EDT, the engineering team determined how to restore service and began remediation.

By 14:49 EDT, all services in all regions had been restarted and the team confirmed that authentications were being successfully processed and completed.

Duo’s engineering team regularly performs updates multiple times a day without service degradation, and has identified several improvements to ensure this failure does not happen in the future.

Posted Jun 05, 2020 - 14:47 EDT

Resolved
From 2:20 PM Eastern Time to 2:44 Eastern Time customers may have experienced authentication failures when using Duo with Azure Conditional Access. The issue has been resolved and a full RCA will be posted with 24 hours.
Posted Jun 04, 2020 - 16:39 EDT
This incident affected: DUO1 (Core Authentication Service), DUO2 (Core Authentication Service), DUO3 (Core Authentication Service), DUO4 (Core Authentication Service), DUO5 (Core Authentication Service), DUO7 (Core Authentication Service), DUO8 (Core Authentication Service), DUO47 (Core Authentication Service), DUO10 (Core Authentication Service), DUO11 (Core Authentication Service), DUO12 (Core Authentication Service), DUO13 (Core Authentication Service), DUO14 (Core Authentication Service), DUO15 (Core Authentication Service), DUO16 (Core Authentication Service), DUO17 (Core Authentication Service), DUO18 (Core Authentication Service), DUO19 (Core Authentication Service), DUO20 (Core Authentication Service), DUO21 (Core Authentication Service), DUO22 (Core Authentication Service), DUO23 (Core Authentication Service), DUO24 (Core Authentication Service), DUO25 (Core Authentication Service), DUO26 (Core Authentication Service), DUO27 (Core Authentication Service), DUO28 (Core Authentication Service), DUO29 (Core Authentication Service), DUO30 (Core Authentication Service), DUO31 (Core Authentication Service), DUO32 (Core Authentication Service), DUO33 (Core Authentication Service), DUO34 (Core Authentication Service), DUO36 (Core Authentication Service), DUO37 (Core Authentication Service), DUO38 (Core Authentication Service), DUO39 (Core Authentication Service), DUO40 (Core Authentication Service), DUO41 (Core Authentication Service), DUO42 (Core Authentication Service), DUO43 (Core Authentication Service), DUO44 (Core Authentication Service), DUO45 (Core Authentication Service), DUO46 (Core Authentication Service), DUO48 (Core Authentication Service), DUO9 (Core Authentication Service), DUO49 (Core Authentication Service), DUO50 (Core Authentication Service), DUO51 (Core Authentication Service), DUO52 (Core Authentication Service), DUO53 (Core Authentication Service), DUO54 (Core Authentication Service), DUO55 (Core Authentication Service), DUO56 (Core Authentication Service), DUO57 (Core Authentication Service), DUO58 (Core Authentication Service), DUO59 (Core Authentication Service), DUO60 (Core Authentication Service), DUO61 (Core Authentication Service), DUO62 (Core Authentication Service), DUO63 (Core Authentication Service), DUO64 (Core Authentication Service), DUO65 (Core Authentication Service), DUO6 (Core Authentication Service), and DUO35 (Core Authentication Service).