On March 3, 2022, at around 3:00 pm EST, Duo's Engineering Team was alerted by monitoring that azure directory syncs were failing for some customers. The root cause was identified as the Duo Directory Sync process encountering failures for certain API calls to the Microsoft Graph API used during Directory Sync. Authentication was not impacted during this time period.
The issue was resolved on the same day by deploying a code change that removed the problematic API calls to the Microsoft Graph API during sync.
Duo Engineering observed Azure AD full Directory Syncs failing. Only Customers that use Microsoft Azure AD were impacted in our identified Deployment list. Duo Engineering eliminated unnecessary API calls to Microsoft Graph endpoint that were occasionally failing. The unnecessary API calls will no longer be part of the sync process, so future failures from these endpoints will not affect directory sync. We are improving our monitoring to detect this type of issue earlier.
Note: You can find your Duo deployment’s ID and sign up for updates via the StatusPage by following the instructions in this knowledge base article.