Windows Platform Authenticator unable to login to Microsoft Office products on Windows

Incident Report for Beyond Identity

Postmortem

INC-232 Unable to authenticate to Microsoft apps - postmortem report

Executive Summary

Summary

Beyond Identity released endpoint version 2.88.0 on September 21st, 2023, at 11:18 PM. The Windows Platform Authenticator contained a code change that didn’t pass the correct redirection to the Microsoft webview window, breaking authentication to native Microsoft Office apps on Windows. A hotfix 2.88.1 was released on September 22nd, 2023, at 07:20 PM CDT for Windows platform to fix the issue.

Customer Impact

All customers using Windows who upgraded to the 2.88.0 version were impacted. Updating to the fixed version will fix the issue immediately.

Leadup

Beyond Identity released 2.88.0 endpoints on September 21st, 2023, at 11:18 PM CDT.

Fault

On Windows, authenticating to native Microsoft Office Applications was hanging in the webview window after successful authentication.

Detection

A customer support ticket was opened on September 22nd, 2023, at 11:23 AM CDT.

Root causes

An unintentional change in the Microsoft webview window behavior on the Windows platform.
The code review didn’t catch the change as the impacted line was not changed directly.
Microsoft caches the login, and the QA team didn’t catch the issue.
A faulty code was released.

Mitigation and resolution

A bug was identified and fixed.
Hotfix 2.88.1 for Windows was released.

Lessons learned

[BIT-1643] We need to add a unit test that tests whether the content passed to this specific webview is actually a URL.
[BIT-1644] The end-to-end testing needs to include a case that verifies that we do a valid redirect back to the application at the end.
[BIT-1645] The QA team will add a pre-requisite for automated UI testing to clear potentially cached Microsoft sign-in.

Posted Sep 25, 2023 - 18:59 CDT

Resolved

A hotfix for Windows platforms has been released. The 2.88.1 version will fix the issue. Release notes can be found at https://support.beyondidentity.com/hc/en-us/articles/17749590174871-Version-2-88-1-Endpoint-Release-Notes.
The postmortem will be published once the engineering team has performed it.

Posted Sep 22, 2023 - 19:20 CDT

Identified

The issue has been identified, and a hotfix will be released. We are tracking this issue with bug tracker BIT-1638.

Posted Sep 22, 2023 - 15:39 CDT

Investigating

We have identified an issue with the release 2.88.0 on the Windows platform when signing in to Microsoft Office applications. The web apps work just fine, but the locally installed Office apps have issues signing in with a new user. Our engineering team is investigating.

Posted Sep 22, 2023 - 13:51 CDT

This incident affected: Windows Platform Authenticator Application and Windows Desktop Login Application.