Microsoft has provided comment on an "anomalous spike" in Azure traffic at the end of last week, which sparked several hours of service disruption.

The incident took place between 15:10 and 17:10 UTC on June 9 when customers faced error notifications when trying to access the Azure portal, and also affected other services including Microsoft Entry Admin Center and Microsoft Intune.

At the time, Anonymous Sudan claimed responsibility for a DDoS attack that it alleges was behind the Azure issues.

The official version of the story, as outlined by Microsoft in a preliminary post-incident review, is that internal telemetry highlighted an "anomaly with increased request rates and the Azure portal displaying a 'service unavailable' message in multiple geographies."

"Traffic analysis showed an anomalous spike in HTTP requests being issued against Azure portal origins, bypassing existing automatic preventive measure and triggering the service unavailable response."

Subsequently, engineers across the Azure portal and networking were dispatched to make quick work of adjusting firewall rules to block the traffic, tweaking traffic throttling rules, adding more Azure portal server instances, and rebooting unhealthy Azure portal instances.

Microsoft says it is trying to make the Azure portal startup process faster and "improving our internal Azure portal monitoring to detect such indicators more quickly and efficiently."

Of Anonymous Sudan's alleged involvement, Microsoft said in a statement that it was "aware of these claims and are investigating."

"We are taking the necessary steps to protect customers and ensure the stability of our services," it added.

Readers may have some sympathy with Microsoft over the latest Azure service degradation - particularly if it was attacked - but there was likely less understanding over a previous outage of Microsoft Azure DevOps, a line of application lifecycle services that was downed for 10 hours by a typo. ®

https://www.theregister.com//2023/06/13/microsoft_azure_ddos/