Microsoft MFA May Be Down For Some Users
Microsoft is investigating reports of 504 Gateway Timeout errors impacting US-based Microsoft 365 users trying to access services that require Multi-Factor Authentication (MFA).
Darren James, Senior Product Manager at Specops Software, provided the following comments:
“This event highlights the importance of having a flexible MFA policy that doesn’t rely on a single second factor. Of course you do need to consider the relative strength of alternate authentication factors, for example an SMS OTP is certainly not as strong as a biometric authentication. However, a layered approach, such as using a trusted device that allows you to pin your users’ identities to the specific devices they use, along with making sure those devices meet your organization’s posture requirements, will give you the ultimate flexibility when it comes to balancing business security, business continuity and user experience.”
This is a good point, as most organizations’ MFA setups rely on only one second factor. Having multiple options makes something like this less of an issue, if not a non-issue. Thus this situation should be a lesson to make that move as soon as possible.
This entry was posted on February 23, 2026 at 1:27 pm and is filed under Commentary with tags Microsoft.