7

Two weeks ago, all our Azure production systems went down, and we received an e-mail from them saying

We’ve disabled your Azure subscription

To protect the security and privacy of your account, we perform routine audits of all Azure subscriptions. During one of these audits, we identified suspicious activity in your subscription that violates the Microsoft Acceptable Use Policy. We’ve disabled your subscription until the issue can be resolved.

If you believe this is an error, please contact Azure support.

We knew of no problem, and had received no previous warnings, so we contacted support. (We have a Standard support plan, which gets us a fairly quick response, but not necessarily a resolution.) After 11 hours (and many e-mails) everything turned on again and we received a message saying simply

You subscription is enabled.

Microsoft have not answered queries for an explanation as to what this "suspicious activity" was, nor how they resolved the situation and were able to enable our account again. They have not explained why they could provide no information about the cause of the problem for the duration of the problem.

Has anyone else experienced this? How can we avoid it in future?

Edit

Microsoft have now responded and said

...we identified that suspicious activity was on the IP that was originally mapped to the service that was deployed on your subscription. IP was hosting a phishing page that was attributed to Azure. Hence our system tracked the subscription and tagged as Terms Of Use Violation. Hence the subscription got suspended.

They have also accepted that it took longer than it should have. They gave us a credit for one month's use on that subscription.

Oliver Bock

3 Answers

9

Having your account suspended or terminated without notice is one of the risks of using a public cloud. It is likely a very low risk (for most organizations) but it won't feel that way when it happens to you!

You mitigate this risk the same way as any other single point of failure. You host your applications across multiple cloud providers, so that the loss of one does not completely stop production.

You probably should also have part of your production environment on premise. This design has its own buzzword, hybrid cloud, and each cloud provider has its own idea of a hybrid cloud solution. You should evaluate these to see which meet your needs or whether you need to build something all your own.

Michael Hampton
  • Thanks. It is difficult for us to host with other cloud providers because our systems use a lot of Azure services. We will probably move to use multiple Azure subscriptions to mitigate some risk. Hybrid is interesting, but unless we provide the same physical resources as Azure does, then we cannot stand up a complete replacement system, which makes it kind of expensive, and the Azure cloud a bit pointless. – Oliver Bock Apr 12 '19 at 04:10
  • 3
    If they suspended your account because of some activity that they misinterpreted as being potentially malicious, then it might not matter if you have multiple Azure accounts as presumably the same thing would happen to all of them at once for similar activity. Your organization should look into what it would take to make your applications cloud-agnostic. It usually isn't all that much work, time or money. – Michael Hampton Apr 12 '19 at 06:38
  • 4
    It should be a part of your business continuity plan that your provider can shut you down unilaterally. Whether you spend time and money to mitigate this risk is up to you. – John Mahowald Apr 12 '19 at 14:37
2

Never heard of it happening, but all you really can do is to keep asking them what the activity was.

I would also go through all of your services and think what it could be. Maybe a mail relay service somewhere that could have sent spam. Or if you use a crawler bot. Things like that are not allowed to run in Azure.

Jarnstrom
1

I guess the only way is a formal complaint, describing the facts, asking for a refund for the time the service was not available and compensation for lost profit (reasonable, and one you can stand behind and provide true numbers for). They may just pay, they may explain what happened. Or they may just ignore you, so your only way to proceed would be to go to court.

Tomek