MedhaCloud
Link copied to clipboard!
Microsoft 365

Microsoft 365 Outage History: Every Major Incident 2020–2026

Sreenivasa Reddy G
Sreenivasa Reddy G
Founder & CEO
Jul 4, 202618 min read
24
Microsoft 365 Outage History: Every Major Incident 2020–2026

Microsoft 365 has recorded at least nine major multi-service outages between 2020 and 2026, most traced to shared authentication infrastructure, network configuration changes, or distributed denial-of-service attacks rather than to any single application. This page is a historical record of those incidents, updated after each major event. For current incidents, see the live Microsoft 365 status page. Every figure below is attributed to a named source: Microsoft status history and post-incident reports, Microsoft Service Level Agreement documentation, ITIC, and the Uptime Institute.

Outage History at a Glance

Microsoft 365 serves more than 400 million paid seats, so a single control-plane failure can affect Exchange Online, Teams, SharePoint, OneDrive, and Outlook at the same time. The pattern across six years is consistent: the applications themselves rarely fail in isolation. When a major outage occurs, the fault is usually in a shared dependency such as identity, network routing, or edge delivery. Businesses planning a move should factor this history into their Microsoft 365 migration services resilience planning.

9
Major multi-service outages, 2020–2026
~8h
Typical duration of a global control-plane outage
99.9%
Financially backed uptime commitment in the Microsoft SLA
  1. Microsoft 365 recorded at least nine major multi-service outages between September 2020 and October 2025, per Microsoft status history and published post-incident reports.
  2. Shared identity and authentication infrastructure was the root cause or primary aggravating factor in four of the nine major incidents (Microsoft post-incident reports).
  3. The Microsoft Online Services SLA commits to 99.9% monthly uptime, financially backed by service credits (Microsoft SLA for Microsoft 365).
  4. Microsoft has reported quarterly worldwide uptime of about 99.97% to 99.99% for the core Microsoft 365 services in recent years (Microsoft transparency reporting).
  5. A single major control-plane outage typically lasts about 3 to 10 hours from detection to full recovery, based on the nine documented incidents.

2020 Incidents

The defining Microsoft 365 outage of 2020 was an identity failure. Because Azure Active Directory (now Microsoft Entra ID) authenticates sign-ins for every Microsoft 365 workload, a fault in that layer blocks users from reaching services that are themselves running normally.

Date Duration Services affected Scope Root cause
Sep 28, 2020About 5 hoursMicrosoft 365 sign-ins, Outlook, Teams, Azure portalBroad, concentrated in the AmericasAzure Active Directory update with a latent code defect
  1. On September 28, 2020, an Azure Active Directory service update introduced a defect that blocked authentication, preventing users from signing in to Microsoft 365 for about five hours (Microsoft post-incident report).
  2. Microsoft rolled back the change, but the recovery was staged, so many users experienced intermittent access for a period after the initial fix (Microsoft status history).
  3. The incident was concentrated in the Americas but affected any tenant whose users needed a fresh authentication token during the window (Microsoft post-incident report).
  4. Because Azure AD is the sign-in layer for every workload, the outage reached Outlook, Teams, and the Azure management portal simultaneously despite those services being otherwise healthy (Microsoft post-incident report).

2021 Incidents

2021 repeated the identity-layer pattern. A change to the authentication system, rather than to any individual application, produced a short but global disruption.

Date Duration Services affected Scope Root cause
Mar 15, 2021About 2 hoursTeams, Exchange Online, Microsoft 365 sign-ins, Xbox LiveGlobalAzure AD authentication key rotation error
  1. On March 15, 2021, an error in an Azure AD authentication process disrupted sign-ins to Microsoft 365 and consumer Microsoft services for about two hours (Microsoft post-incident report).
  2. Microsoft attributed the fault to a key rotation problem in the token-signing infrastructure rather than to a capacity or hardware failure (Microsoft post-incident report).
  3. Affected services spanned Teams, Exchange Online, SharePoint, and Xbox Live, all of which depend on the same identity platform (Microsoft status history).
  4. The March 2021 event followed a similar authentication incident in late September and October 2020, prompting Microsoft to accelerate resilience work on the identity backend (Microsoft post-incident report).

2022–2023 Incidents

2022 passed without a single global multi-service outage on the scale of the identity failures, though Microsoft continued to log regional and single-service advisories. 2023 brought two of the most significant events in the platform's history: a network configuration error and a sustained denial-of-service campaign.

Date Duration Services affected Scope Root cause
Jan 25, 2023About 3 to 5 hoursTeams, Exchange Online, Outlook, SharePoint, OneDriveWorldwideWide-area network router configuration change
Jun 5–9, 2023Intermittent over several daysOutlook.com, OneDrive, Azure portalGlobal, intermittentLayer 7 DDoS attack (Storm-1359 / Anonymous Sudan)
  1. On January 25, 2023, a wide-area network router configuration change caused packet forwarding problems that took Teams, Exchange Online, Outlook, SharePoint, and OneDrive offline worldwide for about three to five hours (Microsoft post-incident report).
  2. Microsoft identified the trigger as a single WAN update and paused the affected changes and rolled the network back to restore service (Microsoft post-incident report).
  3. The January 2023 outage is one of the most widely felt in the platform's history because it hit the network path itself, so no single application could route around it (Microsoft status history).
  4. Between June 5 and June 9, 2023, a Layer 7 distributed denial-of-service campaign disrupted Outlook.com, OneDrive, and the Azure portal in intermittent waves across several days (Microsoft security response).
  5. Microsoft attributed the June 2023 DDoS activity to a threat actor it tracks as Storm-1359, publicly known as Anonymous Sudan, and stated it found no evidence that customer data was accessed or compromised (Microsoft security response).
  6. The June 2023 attack targeted the service edge with high request volumes rather than exploiting a code defect, which is why availability fluctuated instead of failing all at once (Microsoft security response).

2024 Incidents

2024 produced the year's most publicized IT disruption, which is frequently and incorrectly attributed to Microsoft. Accuracy matters here, so the distinction is drawn explicitly below. The year also included a genuine Microsoft-side outage in July and an authentication failure in November.

Date Duration Services affected Scope Root cause
Jul 19, 2024Hours to days per deviceWindows endpoints running Microsoft 365 appsGlobal, about 8.5M devicesFaulty CrowdStrike Falcon sensor update (third party, not a Microsoft cloud fault)
Jul 30, 2024About 8 to 10 hoursMicrosoft 365 apps, Azure servicesSubset of global customersDDoS attack amplified by a defense-mechanism misconfiguration
Nov 25, 2024Most of a business dayExchange Online, Teams calendar and email flowBroadProblematic change to authentication and token infrastructure
  1. On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused about 8.5 million Windows devices to crash into a boot loop, disrupting Microsoft 365 apps on those endpoints (Microsoft and CrowdStrike incident statements).
  2. The July 19 event was not a Microsoft cloud outage. The Microsoft 365 cloud services stayed available. The failure was on the Windows endpoints, caused by a third-party security agent, which is why an accurate outage history lists it as a client-side incident rather than a service outage (Microsoft incident statement).
  3. Microsoft has estimated the CrowdStrike update affected under 1% of all Windows machines globally, though the affected systems were concentrated in high-impact sectors such as aviation, banking, and healthcare (Microsoft incident statement).
  4. On July 30, 2024, a distributed denial-of-service attack degraded a subset of Microsoft 365 and Azure services for about eight to ten hours (Microsoft post-incident report).
  5. Microsoft stated that an error in its DDoS defense implementation amplified the July 30 attack rather than mitigating it, extending the disruption beyond what the attack alone would have caused (Microsoft post-incident report).
  6. On November 25, 2024, a problematic change to authentication and token infrastructure disrupted Exchange Online and Teams for most of a business day, affecting email flow and calendar access (Microsoft post-incident report).
  7. Microsoft mitigated the November 2024 incident by reverting the change and manually restarting affected components, a recovery pattern common to identity-layer failures (Microsoft post-incident report). Organizations running hybrid Exchange should confirm their on-premises servers are patched and supportable, which is where Exchange server support reduces exposure.

2025 Incidents

2025 opened with a weekend Outlook and Exchange failure and closed with an edge-delivery outage that reached far beyond Microsoft 365 into the wider Azure and internet ecosystem.

Date Duration Services affected Scope Root cause
Mar 1, 2025Several hoursOutlook, Exchange OnlineBroad, millions of users on a SaturdayProblematic code change to the mail service
Oct 29, 2025About 8 hours or moreMicrosoft 365 apps, Azure portal, dependent web servicesGlobalAzure Front Door configuration failure
  1. On March 1, 2025, a problematic code change disrupted Outlook and Exchange Online, affecting millions of users on a Saturday for several hours (Microsoft post-incident report).
  2. Microsoft resolved the March 2025 incident by reverting the offending change, and it noted that weekend timing reduced business-hours impact for many organizations while still disrupting consumer and shift-based users (Microsoft status history).
  3. On October 29, 2025, a configuration failure in Azure Front Door, the edge and content-delivery layer, took Microsoft 365 services offline globally for about eight hours or more (Microsoft post-incident report).
  4. Because Azure Front Door fronts traffic for many Microsoft and third-party properties, the October 2025 outage reached beyond Microsoft 365 into the Azure portal and numerous dependent websites (Microsoft post-incident report). The parallel Azure outage history covers the platform-wide dimension of this event.
  5. The October 2025 edge failure illustrates the platform's central risk: a fault in a shared delivery or identity layer produces a wider blast radius than any single application failure (Microsoft post-incident report).

Outages Per Year

Counting only major multi-service outages, and treating the July 2024 CrowdStrike event as a client-side incident rather than a cloud outage, the distribution across the six-year window is as follows.

Major Microsoft 365 Multi-Service Outages by Year
2020
1
2021
1
2022
0 major global
2023
2
2024
2
2025
2
  1. 2020 and 2021 each recorded one major global outage, both rooted in Azure Active Directory authentication (Microsoft post-incident reports).
  2. 2022 logged no single global multi-service outage on the scale of the identity failures, though regional and single-service advisories continued (Microsoft status history).
  3. 2023, 2024, and 2025 each recorded two major incidents, a step up in frequency driven by the arrival of large-scale DDoS campaigns alongside the recurring configuration and identity faults (Microsoft post-incident reports).
  4. Excluding the client-side CrowdStrike event, the six-year window averages roughly 1.5 major Microsoft 365 outages per year (calculated from Microsoft status history).

Most-Affected Services

Ranking the nine major incidents by the services they disrupted shows that authentication-dependent, network-dependent workloads carry the highest exposure. Exchange Online and Teams appear in the majority of events because both depend on the same identity and network paths.

Service Appearance Across the Nine Major Incidents
Exchange Online
7
Teams
5
Outlook.com
5
SharePoint
3
OneDrive
3
  1. Exchange Online was affected in seven of the nine major incidents, the highest of any workload, because email flow depends on both identity and network routing (compiled from Microsoft post-incident reports).
  2. Teams and Outlook.com each appeared in about five of the nine incidents, reflecting their shared reliance on the same authentication and edge infrastructure (compiled from Microsoft status history). The Microsoft Teams statistics roundup covers the platform's scale that makes each Teams outage widely felt.
  3. SharePoint and OneDrive were each drawn into roughly three of the major incidents, most often during network-path and edge-delivery failures rather than identity events (compiled from Microsoft post-incident reports).
  4. The consistent finding is that no core Microsoft 365 application failed on its own in a major incident. Each outage traced to a shared dependency, which is the single most useful fact for resilience planning (Microsoft post-incident reports).

Root Cause Categories

Grouping the nine major incidents by root cause produces four categories. Authentication infrastructure and network configuration together account for the majority, with DDoS activity a growing third category and third-party client agents a distinct fourth.

Root cause category Major incidents Example
Authentication / identity infrastructure4Sep 2020, Mar 2021, Nov 2024, Mar 2025
Network / edge configuration2Jan 2023 WAN, Oct 2025 Front Door
Distributed denial of service2Jun 2023, Jul 30 2024
Third-party client agent1Jul 19 2024 CrowdStrike (not a cloud fault)
  1. Authentication and identity infrastructure is the single largest root cause category, tied to four of the nine major incidents (compiled from Microsoft post-incident reports).
  2. Network and edge configuration changes caused two of the widest-reaching outages, January 2023 and October 2025, because a routing or delivery fault affects every downstream service at once (Microsoft post-incident reports).
  3. Distributed denial-of-service attacks emerged as a major cause only from 2023 onward, accounting for two incidents and marking a shift from internal faults to external pressure (Microsoft security response).
  4. A recurring theme in Microsoft's own reports is that a routine configuration or code change, rather than hardware failure, triggered most incidents, which is why change management and staged rollout feature prominently in the published remediation steps (Microsoft post-incident reports).

Published SLA vs Actual Uptime

Microsoft backs Microsoft 365 with a financial Service Level Agreement. The commitment and the credit tiers below are drawn directly from Microsoft's SLA documentation, alongside the actual quarterly uptime Microsoft has reported.

99.9%
Financially backed monthly uptime commitment, equal to a maximum of about 43 minutes of allowed downtime per 30-day month (Microsoft SLA for Microsoft 365)
Monthly uptime achieved Service credit Source
Below 99.9%25% of the monthly feeMicrosoft SLA
Below 99%50% of the monthly feeMicrosoft SLA
Below 95%100% of the monthly feeMicrosoft SLA
  1. The Microsoft SLA guarantees 99.9% monthly uptime, which permits a maximum of about 43 minutes of downtime per month before a credit is owed (Microsoft SLA for Microsoft 365).
  2. Service credits follow three tiers: 25% below 99.9%, 50% below 99%, and 100% below 95% of monthly uptime (Microsoft SLA for Microsoft 365).
  3. Microsoft has reported worldwide quarterly uptime of about 99.97% to 99.99% for the core services, above the 99.9% floor (Microsoft transparency reporting).
  4. Credits are not automatic. The customer must submit a claim within the window the SLA defines, so many organizations never recover credit for downtime they experienced (Microsoft SLA for Microsoft 365).
  5. A service credit reimburses a fraction of the subscription fee, not the business cost of the outage, which is typically many times larger than the credit itself (Microsoft SLA for Microsoft 365, ITIC).

The Cost of Downtime

The SLA credit rarely matches the operational cost of an outage. Independent survey data from ITIC and the Uptime Institute puts the real figure into perspective for a mid-sized business.

90%
Of enterprises put a single hour of downtime above $300,000 (ITIC)
$4,375
Approximate lost productivity for a 100-person firm during an 8-hour outage
  1. ITIC survey data shows 90% of mid-sized and large enterprises estimate the cost of a single hour of downtime at more than $300,000 (ITIC Hourly Cost of Downtime survey).
  2. A material share of large enterprises put the figure far higher, with many reporting hourly downtime costs in the $1 million to $5 million range once revenue and remediation are included (ITIC).
  3. The Uptime Institute reports that a growing proportion of significant outages cost the affected organization more than $100,000, and a notable minority exceed $1 million (Uptime Institute Annual Outage Analysis).
  4. For a 100-person business with an average fully loaded labor cost near $55 per hour, an eight-hour outage that halts productivity represents roughly $44,000 in lost labor alone, before any revenue impact.
  5. Even at a conservative 25% productivity loss during a degraded-service incident, that same 100-person firm loses about $4,375 over eight hours, a figure that recurs with each major outage in this history.
  6. The gap between the 25% SLA credit on a monthly subscription and the real per-hour cost of downtime is the core reason resilience planning cannot rely on service credits (Microsoft SLA, ITIC).

How MSPs Reduce Outage Exposure

No customer can prevent a Microsoft-side outage, but a managed service provider can reduce its business impact through architecture and preparation. The measures below address the specific failure modes this history documents.

Hybrid
Identity and mail continuity during a cloud control-plane failure
3-2-1
Independent backup so data survives an outage or a botched change
  1. Hybrid identity and mail continuity keep authentication and message queuing available during a cloud-side identity failure, addressing the most common root cause in this history (Microsoft resilience guidance).
  2. Independent third-party backup of Exchange Online, SharePoint, and OneDrive protects data during an outage or a faulty change, because the native platform is the same system that is failing (Microsoft shared-responsibility guidance).
  3. Tenant-to-tenant migration readiness and documented recovery runbooks shorten the response time when an incident forces a failover, work that Microsoft 365 migration services teams prepare in advance.
  4. Monitoring the Microsoft 365 service health API lets a provider confirm within minutes whether a fault is Microsoft-side or local, which prevents wasted troubleshooting during a platform outage (Microsoft Service Health guidance). A public reference is the live Microsoft 365 status page.
  5. For further context on adoption scale and reliability expectations, see the broader Microsoft 365 statistics roundup, which frames why each outage in this record affects so many organizations at once.

Sources

This historical record is compiled from the following primary sources. Each incident entry reflects Microsoft's own published post-incident report or status history where available.

  • Microsoft 365 Service Health and status history (post-incident reports)
  • Microsoft Azure status history and post-incident reviews
  • Microsoft Security Response Center, June 2023 DDoS (Storm-1359) statement
  • Microsoft and CrowdStrike incident statements, July 19, 2024
  • Service Level Agreement for Microsoft Online Services (Microsoft 365)
  • ITIC Hourly Cost of Downtime survey
  • Uptime Institute Annual Outage Analysis

Primary source references: Microsoft 365 status, Azure status history, and the Microsoft Online Services SLA.

This page is maintained as a historical record and is updated after each major incident. Last updated: July 2026.

Protect your organization with expert healthcare IT support designed for HIPAA compliance.

Healthcare IT Support Services

Topics

Microsoft 365OutageUptimeExchange OnlineTeams
Sreenivasa Reddy G
Written by

Sreenivasa Reddy G

Founder & CEO15+ years

Sreenivasa Reddy is the Founder and CEO of Medha Cloud, recognized as "Startup of the Year 2024" by The CEO Magazine. With over 15 years of experience in cloud infrastructure and IT services, he leads the company's vision to deliver enterprise-grade cloud solutions to businesses worldwide.

Managed IT SupportCloud InfrastructureDigital Transformation
Follow on LinkedIn

Need Expert Help?

Our certified cloud and IT engineers are ready to tackle your toughest challenges — from migrations to managed services.