Exclusive: European Microsoft 365 outage sent Department for Education’s IT into “meltdown”

Microsoft cloud

Crisis meetings were held as more than 6,000 employees were locked out of email, according to a source

The Department for Education (DfE) endured a 12-hour IT nightmare as a result of last month's European-wide Microsoft 365 outage.

The government department's IT systems were paralysed on 24 January, with more than 6,000 of its employees locked out of their cloud-based Microsoft and email accounts, according to a DfE source, Virtual Clouds has learnt.

Crisis meetings were held throughout the day as officials scrambled with the consequences of a departmental-wide outage entirely out of their hands, and also unexplained at the time.

The civil servant, who requested not to be named, also confirmed that colleagues were forced to share confidential documents using Skype's instant messaging.

"It beggars belief that we were locked out of email for an entire day, the whole department was in meltdown," the source said.

A DfE spokesperson confirmed the department's systems were partially disrupted by the European-wide Microsoft outage on 24 January, and that contingency plans were put in place to mitigate these effects.

"The Department for Education was one of many organisations impacted by Microsoft's Outlook issues on Thursday 24 January," the spokesperson told Virtual Clouds. "The impact of disruption to email services was managed and services resumed within 24 hours."

Staff used "smarter working technology" to continue delivering services as smoothly as possible, while "normal business continuity arrangements" were deployed to minimise the impact of disruption to mail services. The spokesperson would not confirm whether the 'businesses continuity arrangements' existed prior to 24 January. The department's video conferencing and shared documents services were unaffected.

The Microsoft 365 outage struck organisations from 9:30am on 24 January, with firms across the continent experiencing severe IT difficulties. Microsoft acknowledged that it was experiencing problems with its services, and engineers worked to restore services at around 8pm the same evening.

"This incident underlines the very real risk authentication delays can have on critical email systems, disrupting government business and preventing officials from sharing confidential information securely," said Centrify's vice president John Andrews.

"With rising levels of cyber attacks, it's vital that all departments ensure privileged access to confidential data is a major priority, so that systems are protected from outsider threats at all times."

The incident demonstrates just how dependent massive organisations, including critical government services, are on third-party cloud vendors to provide an undisrupted service at the risk of sustaining organisations paralysis.

Microsoft also suffered a global authentication-related outage four days later, with users from nations across the world including the US and Japan unable to login to critical cloud-based services.

Sign up for our free newsletter