Azure MINOR

Post Incident Review (PIR) – Microsoft Entra ID – DNS authentication failures using Seamless SSO and Microsoft Entra Connect Sync

February 25, 2025 · 04:42 PM UTC – 01:15 AM UTC · Duration: 8h 33min

Affected Services

Microsoft Entra ID

Timeline

04:42 PM
Relevant DNS records were inadvertently removed. Gradual onset of impact as the 5-minute DNS Time to Live (TTL) expired.
05:18 PM
Investigation started based on internal DNS reachability monitor failures.
05:40 PM
We identified and isolated the change that introduced the failure.
06:35 PM
Approximately 94% of the customer impact had been mitigated, as the DNS configuration related to this authentication scenario had been partially restored. This change allowed autologon.microsoftazuread.sso.com to resolve again.
07:16 PM
First notification posted to Azure Status page banner.
10:35 PM
Through customer reports, we identified that a subset of affected tenants was still experiencing issues, manifesting as 403 Forbidden errors or timeouts.
01:05 AM
The configuration for the affected hostname was rolled back to its last known good state using an A record.
01:15 AM
Traffic fully reverted to regular patterns.