May 25, 2026

DNS Africa Resource Center


Microsoft Entra ID DNS Resolution Failures Result in Authentication Issues – CybersecurityNews


A critical DNS misconfiguration in Microsoft Entra ID (formerly Azure Active Directory) disrupted authentication services globally for nearly 90 minutes on February 25, 2025, affecting organizations relying on Seamless Single Sign-On (SSO) and Microsoft Entra Connect Sync. 
The outage stemmed from an IPv6 infrastructure cleanup operation that inadvertently removed essential CNAME records for the autologon.microsoftazuread.sso.com domain, causing cascading failures in Kerberos ticket validation.
The disruption began at 17:18 UTC when Microsoft’s internal telemetry detected DNS resolution failures for the autologon.microsoftazuread.sso.com domain, which is critical for Seamless SSO’s authentication flow. 
This domain facilitates the silent Kerberos ticket exchange between on-premises Active Directory and Entra ID, allowing password hash synchronization via Microsoft Entra Connect Sync.
The root cause was traced to a DNS configuration change targeting duplicate IPv6 CNAME records—part of Microsoft’s broader initiative to optimize IPv6 support in Entra ID. 
However, the cleanup erroneously removed the autologon domain’s CNAME, rendering it unresolvable. 
This broke the authentication pipeline for services requiring SSO, including Azure SQL Database, Azure DevOps, and Azure OpenAI.
By 17:40 UTC, engineers identified the faulty DNS change and initiated rollback procedures. 
Full recovery occurred at 18:35 UTC after reverting the configuration, though residual synchronization delays persisted for some Entra Connect Sync deployments.
Administrators reported failed synchronization cycles, Azure Portal access issues, and SSO failures in SSMS (SQL Server Management Studio).
Temporary fixes included manually adding the autologon.microsoftazuread.sso.com domain to local DNS zones or modifying the hosts file to point it at the last-known IPv4 address (20.190.160.67). 
However, Microsoft cautioned against static IP configurations due to potential service instability.
This incident mirrors past Azure DNS-related outages, including a 2023 SPF record misconfiguration and a 2021 Azure DNS server overload. 
Microsoft’s post-incident review will analyze why redundancy measures for the autologon domain failed and evaluate IPv6 migration safeguards.
Affected organizations are advised to:
Microsoft will publish a Preliminary Post-Incident Review (PIR) within 72 hours, followed by a final report detailing preventive measures. 
Organizations should configure Azure Service Health alerts for real-time incident updates and review filtering rules in Entra Connect Sync to minimize blast radius during future outages.
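An added example, not code from the article or from Microsoft: a stdlib-only Python probe that queries the Seamless SSO endpoint named above and classifies the outcome the way a synthetic monitor would, so that an NXDOMAIN (the signature of a removed CNAME, as in this incident) raises an alert distinct from a resolver error or a missing A record. The default resolver address is an assumed placeholder.

```python
import os, socket, struct

SSO_HOST = "autologon.microsoftazuread.sso.com"   # endpoint named in the article

def build_query(name):
    txid = int.from_bytes(os.urandom(2), "big")                 # unpredictable ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(data, off):
    # Decode a label sequence, following RFC 1035 compression pointers
    labels, end = [], None
    while (n := data[off]) != 0:
        if n >= 0xC0:
            end = end or off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(data[off + 1:off + 1 + n].decode()); off += n + 1
    return ".".join(labels), end or off + 1

def parse_response(data):
    # Return (rcode, [(owner, rtype, rdata)]) from the answer section
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off, answers = 12, []
    for _ in range(qd):                       # skip the echoed question
        off = read_name(data, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10]); off += 10
        if rtype == 5:                        # CNAME: the record type lost in the outage
            rdata = read_name(data, off)[0]
        else:                                 # A record as dotted quad, others ignored
            rdata = ".".join(str(b) for b in data[off:off + rdlen]) if rtype == 1 else None
        answers.append((owner, rtype, rdata)); off += rdlen
    return flags & 0x000F, answers

def assess(rcode, answers):
    # Verdict for a synthetic monitor: NXDOMAIN is the signature of this incident
    if rcode == 3:
        return "ALERT: NXDOMAIN (endpoint record missing)"
    if rcode != 0:
        return f"ALERT: resolver returned rcode {rcode}"
    a_records = [r for _, t, r in answers if t == 1]
    return "OK: " + ",".join(a_records) if a_records else "ALERT: no A record"

def probe(resolver="8.8.8.8", timeout=3.0):
    # Live check over UDP (resolver is an assumed placeholder); not run by tests
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(SSO_HOST), (resolver, 53))
        return assess(*parse_response(s.recv(512)))
```

Run `probe()` from each site that depends on Seamless SSO and page on any "ALERT" verdict; the parser is exercised offline with constructed packets, the live query needs port 53 egress.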
This incident underscores the fragility of DNS-dependent authentication systems and the critical need for layered redundancy in cloud migrations for enterprises navigating hybrid identity architectures.