March 19, 2021
Microsoft Signing Key Error Kills Teams, Sharepoint Data
SharePoint and Microsoft Teams users reported that files were missing or moved to the Recycle Bin following the massive Microsoft outage this week, according to reports. The outage affected cloud services including Microsoft 365, Microsoft Teams, Xbox Live, Exchange Online, Outlook.com, and SharePoint.
The outage resulted from an Azure Active Directory (Azure AD) configuration issue, which prevented users from authenticating to Microsoft 365, Exchange Online, Microsoft Teams, or any other service relying on Azure AD.
"Between 19:00 UTC (approx) on March 15, 2021, and 09:25 UTC on March 16, 2021 customers may have encountered errors performing authentication operations for any Microsoft and third-party applications that depend on Azure Active Directory (Azure AD) for authentication,” the company wrote in a preliminary root cause analysis report.
The authentication and login issues were caused by an error that affected the rotation of the “signing keys” used to support Azure AD's use of OpenID. Signing keys are cryptographic key pairs that play a role in Microsoft’s user authentication process. Microsoft's identity platform rotates and deletes unused signing keys on a periodic basis for security purposes.
"Over the last few weeks, a particular key was marked as 'retain' for longer than normal to support a complex cross-cloud migration. This exposed a bug where the automation incorrectly ignored that 'retain' state, leading it to remove that particular key," Microsoft said.
SaaS Backup Prevents Cloud Data Loss
The “3, 2, 1” approach to backup (3 copies, 2 formats, 1 offsite copy) is basically Backup 101 when it comes to on-premises data protection. However, many organizations mistakenly believe this approach is no longer necessary for Software-as-a-Service (SaaS) applications. This Active Directory bug and associated data loss clearly demonstrates the need for effective, third-party SaaS data backup.
Third-party tools enable this approach by storing backups in a secondary cloud repository, outside of Microsoft’s servers. For example, Datto SaaS Protection backs up Microsoft 365 data to Datto’s private cloud, which is purpose-built for backing up and recovering data.
Datto SaaS Protection
Datto SaaS Protection enables MSPs to protect clients against user errors, ransomware, and data corruption. It provides simple, automated, and secure backups three times every day, stored independently from your SaaS provider’s infrastructure. Unlike native tools, Datto SaaS Protection maintains folder structure and permissions in backups—so restores are fast, whether you need to recover a single file or an entire user’s account. Our easy onboarding process and 24x7x365 support gives you peace of mind that client data is safe.
Datto SaaS Protection delivers:
- Reliable data protection
- Automatic backup 3x daily
- Point-in-time restore and export
- Unlimited storage
- Infinite retention
To learn more about how Datto SaaS Protection fits into your managed services portfolio, schedule a demo today.