Microsoft Azure outage tied to AFD: what broke and fixes
TL;DR:
- On October 9, Azure Front Door issues caused timeouts and delays.
- The Azure and Entra portals were hard to access for hours.
- Microsoft 365 services saw knock-on problems in North America.
- Microsoft cited a network misconfiguration and restored service.
- Review failover paths, status alerts, and CDN routing rules now.
On October 9, 2025, Microsoft reported a widespread disruption tied to Azure Front Door. Customers saw timeouts and slow responses when reaching apps behind AFD. Access to the Azure Portal and Entra Admin Portal was also affected between 07:40 UTC and 16:00 UTC. Availability improved by 12:50 UTC and returned to normal later in the day.
Microsoft 365 users in North America reported issues the same day. Teams and Exchange Online were difficult to access for a window of time. Microsoft attributed the Microsoft 365 impact to a network misconfiguration, then said service recovered by the evening of October 9.
Who was affected
Any workload fronted by Azure Front Door could have seen intermittent failures. That included public sites, APIs, and management portals. Admins also reported sign-in problems to portals and admin centers.
Timeline
- 07:40 UTC, Oct 9: AFD incident starts, latency and timeouts rise.
- 12:50 UTC, Oct 9: Availability improves across regions.
- 16:00 UTC, Oct 9: Metrics return to normal levels.
- Evening, Oct 9 US time: Microsoft 365 user reports drop sharply.
How it affects you
Apps behind AFD might have failed closed if health probes timed out. Portals being down slowed incident response. If your enterprise routes Microsoft 365 through conditional paths, policy checks may have compounded failures.
What to do now
- Review AFD origin health and failover. Ensure multi-region origins.
- Add synthetic checks that bypass AFD to isolate origin health.
- Subscribe to Azure Service Health alerts for AFD and your regions.
- Validate DNS time-to-live. Shorter TTLs speed cutover during faults.
- Test break-glass access to the Azure Portal via alternate accounts.
- Document a Microsoft 365 outage runbook, including status channels.
Common mistakes
- Single-region origins behind AFD.
- Long DNS TTLs that slow routing changes.
- No direct origin probe from outside the AFD path.
- Portal access tied to the same IdP path that is failing.
Quick table: readiness checks
| Area | Good practice | Test cadence |
| AFD origins | At least two regions | Quarterly |
| DNS | TTL 60–300 seconds | Semiannual |
| Health probes | Direct and via AFD | Monthly |
| Status alerts | Azure Service Health + email/SMS | Ongoing |
| Break-glass | Separate role, MFA methods | Quarterly |
Background
CDN and edge layers are sensitive to config changes. A small routing error can cascade. Microsoft’s notes point to a network misconfiguration. Community reports line up with that timeline, mentioning portal access failures and AFD capacity pressure.
What happens next
Expect a final post-incident report with root cause and prevention items. Review it and compare with your own telemetry. Run a game day using the same failure modes.
Why it matters
Cloud outages still happen, even on mature platforms. A clear plan for DNS, failover, and portal access reduces downtime and stress.
Sources:
- Microsoft Azure Status History, AFD incident on Oct. 9, https://azure.status.microsoft/en-us/status/history/, 2025-10-09
- Reuters, Microsoft’s productivity software suite recovers after outage, https://www.reuters.com/technology/microsoft-365-down-thousands-users-downdetector-shows-2025-10-09/, 2025-10-09
- BleepingComputer, Azure outage blocks access to Microsoft 365 services, admin portals,https://www.bleepingcomputer.com/news/microsoft/azure-outage-blocks-access-to-microsoft-365-services-admin-portals/, 2025-10-09
