Exoprise continuously monitors the operations of its service — using synthetic sensors from all over the world, in addition to real-user monitoring from everywhere. If there are any interruptions in service, planned or unplanned, a note will be posted here.
Core Servers | Public Sites | Alarms | Dependant Services | Service Comms API |
---|---|---|---|---|
![]() | ![]() | ![]() | ![]() | ![]() |
Monday, April 21st, 20253 3:30 PM
We finally discovered the cause of reset OAuth credentials. Apparently, Microsoft turned on some new MACE AI automated security tool which resets OAuth grants. They had to do this because they inadvertently logged OAuth tokens, so all the grants needed to be reset. In the biz, that’s called a comedy of errors (on a Friday night before a holiday, no less).
Best explanation is here: New Entra “Leaked Credentials” – no breach on HIBP etc
More information in various articles:
- Microsoft Entra ID MACE Credential Revocation Tool Triggers Mass Account Lockouts
- An Account Blocked by MACE Credential Revocation Is A Good Way to Start a Saturday Morning
- Widespread Microsoft Entra lockouts tied to new security feature rollout
There are recommendations in the first article to go some security feature and mark the affected users and not risky. It won’t matter, though, all the OAuth credentials will have to be refreshed because the MACE deployment ruined all the OAuth grants already.
Monday, April 21st, 2025 7:50 AM
We continue to investigate why certain Microsoft Entra ID grants are being revoked and will report back when more information is available.
Sunday, April 20th, 2025 7:30 AM
We have fixed a bug with automatically disabling sensors that fail due to an OAuth grant revocation. Affected sensors should now be disabled, automatically, within a minute or two.
We continue to investigate why Microsoft Entra ID grants are being revoked and will report back when more information is available.
Saturday, April 19th, 2025 6:15 AM
We are investigating an issue with token retrieval and Microsoft Entra ID (formerly Azure AD). Repeated attempts with HTTP 400 response codes from Microsoft Entra ID are causing excess emails and token resetting to take place. We recommend disabling the affected sensors in the meantime. We will update this status page when more information is available.
Monday, March 3rd, 2025 8:30 AM
We’ve updated the core binaries of the Exchange Online sensors and deployed. The sensors should be updating throughout the day as the binaries are rolled out.
Monday, March 3rd, 2025 6:00 AM
Microsoft has altered the HTTP headers for Exchange Web Services, in particular, EWS that utilizes OAuth authentication. The ‘x-ms-diagnostics’ header variable was removed, and this header variable was relied upon for definitive OAuth token expiration checking.
We are testing other techniques and header checking for OAuth token expiration and hope to have a solution deployed within the next few hours after testing.
Monday, August 12th, 2024 8:30 PM
Microsoft has updated the status of TM859179 indicating that they believe the situation has resolved itself. Sensor performance has improved.
https://admin.microsoft.com/#/servicehealth/:/alerts/TM859179
Monday, August 12th, 2024 4:43 PM
Microsoft continues to vaguely report issues with their Team’s infrastructure under the ticket TM859179, but details that they “suspect a third-party Internet Service Provider (ISP)…”.
The issue does seem to be improving a little, but for some customers there are still Teams AV outages.
Monday, August 12th, 2024 9:00 AM
Microsoft is reporting issues with Teams in tickets TM859179 and TM859168 but now reporting false positives. They sometimes do this until they really realize and discover what the problem is.
Sunday, August 11th, 2024 11:40 AM
We have reported the BOT infrastructure issue to Microsoft. Adding BOT capacity hasn’t improved the issue at this time.
Monday, August 12th, 2024 7:00 AM
We have expanded the BOTs in order to deal with slower Azure capacity and will continue to watch the performance closely.
Saturday, August 10th, 2024 9:00 PM
We are examining capacity and utilization issues with the Teams AV BOT. We will closely monitor the issue until the next update.