News

Microsoft Promises To Raise Azure AD Uptime to 99.99 Percent

• By Kurt Mackie
• January 05, 2021

Starting April 1, Microsoft plans to increase its service-level agreement (SLA) for Azure Active Directory to "four nines" of uptime -- or 99.99 percent -- each month.

Currently, Azure AD uptime is guaranteed to be "three nines" (99.9 percent) per month. Microsoft attributes the enhanced SLA to various infrastructure "investments" such as a "cellularized architecture" that isolates failures to a small number of users. It also established a backup service for added resilience, which currently supports "Outlook Web Access and SharePoint Online." More resilience was added, as well, via the addition of "regional authentication endpoints." Microsoft is promising to deliver more of such infrastructure improvements to the Azure AD service sometime this year.

Under current SLA's terms, organizations just get a service credit (no monetary compensation) for Azure AD downtime if there was no alternative service available. However, organizations have to apply for this credit as it's not automatically given.

The credit under Microsoft's SLA also is tiered. Currently, Microsoft only offers a full service credit if the uptime falls below 95 percent per month. If the uptime just fell below 99.9 percent for the month, then Microsoft offers a 25 percent service credit.

New SLA To Drop Admin Features
The 99.99 percent SLA uptime promise, coming in April, will just apply when end users can't access apps and services. Microsoft is not going to offer the 99.99 percent uptime assurance for administrative features.

Those administrative features weren't described, but Microsoft's "SLA for Azure Active Directory" Web page currently listed this scenario:

IT administrators are able to create, read, write and delete entries in the directory or provision or de-provision users to applications in the directory.

Apparently, those kinds of administrative capabilities won't be part of the new SLA that's coming on April 1. Here's how Microsoft described its rationale for making that change:

In conversations with our customers, we learned that the most critical promise of our service is ensuring that every user can sign in to the apps and services they need without interruption. To deliver on this promise, we are updating the definition of Azure AD SLA availability to include only user authentication and federation (and removing administrative features). This focus on critical user authentication scenarios aligns our engineering investments with the vital functions that must stay healthy for customers businesses to run. 

Of course, administrative access to Azure AD capabilities would also seem to be vital for businesses, but they won't be part of the new SLA, apparently.

Azure AD has undergone downtime in the recent past that affected end users. More than a year ago, the service was out for about 2.5 hours, possibly due to a bad patch or a configuration change made by Microsoft. In 2018, a lightning strike at a Microsoft Azure regional operations center in Texas blocked access to Microsoft services for more than a day.