Microsoft Azure Outage: DDoS Defense System Amplified the Attack It Was Meant to Stop


What happened

A DDoS attack against Microsoft Azure triggered a defensive response that, because of an implementation error, amplified the impact of the attack rather than mitigating it. The resulting outage affected the Azure portal, Intune, Entra, and other Microsoft 365 services globally for approximately nine hours.[1]

What went wrong

The DDoS mitigation system had an implementation error that caused it to amplify traffic during the defence activation, turning a manageable attack into a service-degrading event. The defensive system had not been tested against realistic DDoS scenarios and its side effects had not been fully characterised.[1]

Lesson learned

Security mitigation systems can cause outages if misconfigured or insufficiently tested. DDoS defences must be load-tested in realistic attack simulations before deployment — the defensive system must not itself become an outage source. Chaos engineering must include security defence testing.
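One way to turn "the defensive system must not itself become an outage source" into a pre-deployment check is sketched below as an added example; it is not Microsoft's code. Because the source does not describe the actual implementation error, `faulty_mitigation` models a hypothetical defect (duplicating over-limit packets), and all names and traffic values are constructed.

```python
from collections import Counter

LEGIT_CLIENTS = 50  # constructed: one packet each from 50 well-behaved sources

def rate_limit_mitigation(packets, limit=5):
    """Expected behaviour: forward at most `limit` packets per source, drop the rest."""
    seen, out = Counter(), []
    for src, size in packets:
        seen[src] += 1
        if seen[src] <= limit:
            out.append((src, size))
    return out

def faulty_mitigation(packets, limit=5):
    """Hypothetical defect: over-limit packets are duplicated instead of dropped."""
    seen, out = Counter(), []
    for src, size in packets:
        seen[src] += 1
        out.extend([(src, size)] * (1 if seen[src] <= limit else 2))
    return out

def constructed_flood(attackers=20, per_attacker=100):
    """Constructed traffic: 20 noisy sources plus the legitimate clients."""
    flood = [(f"atk-{i}", 512) for i in range(attackers) for _ in range(per_attacker)]
    return flood + [(f"usr-{i}", 512) for i in range(LEGIT_CLIENTS)]

def amplification_factor(packets_in, packets_out):
    """Bytes leaving the mitigation stage divided by bytes entering it."""
    return sum(s for _, s in packets_out) / sum(s for _, s in packets_in)

def deployment_gate(mitigation, max_factor=1.0):
    """Replay the flood through the stage; pass only if it emits no more than
    it received and every legitimate packet still gets through."""
    traffic = constructed_flood()
    forwarded = mitigation(traffic)
    factor = amplification_factor(traffic, forwarded)
    legit = sum(1 for src, _ in forwarded if src.startswith("usr-"))
    return (factor <= max_factor and legit == LEGIT_CLIENTS), round(factor, 3)

if __name__ == "__main__":
    for stage in (rate_limit_mitigation, faulty_mitigation):
        print(stage.__name__, deployment_gate(stage))
```

The gate checks two properties together: output volume toward the protected service never exceeds input, and legitimate traffic is not dropped while the defence is active.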

Sources

  [1] Microsoft. Microsoft Azure Outage: DDoS Defense System Amplified the Attack It Was Meant to Stop