Microsoft MFA Down – 504 Gateway Timeout Errors Disrupting MFA Access for U.S. Users

Microsoft is currently investigating a significant service degradation affecting Multi-Factor Authentication (MFA) across its Microsoft 365 suite, with users in the North America region reporting widespread 504 gateway timeout errors when attempting to authenticate into MFA-protected services.

The incident, tracked under issue ID MO1237461, began at approximately 8:22 PM IST (2:52 PM UTC) on February 23, 2026, and remains under active investigation.

Users attempting to complete MFA challenges are encountering 504 Gateway Timeout responses, effectively blocking access to Microsoft 365 applications, portals, and any downstream services that rely on MFA as part of their authentication flow.

The 504 error indicates that an upstream server, in this case, likely within Microsoft’s authentication infrastructure, is failing to respond within the expected time window, causing the gateway layer to return a timeout to the end user.

Microsoft confirmed the incident on its service health dashboard, classifying it as a service degradation rather than a complete outage, suggesting some users may still be able to authenticate intermittently depending on request routing.

However, for affected users, the inability to pass MFA verification effectively locks them out of their accounts and associated productivity tools entirely.

The incident is currently scoped to the North America region, meaning U.S.-based organizations and enterprise customers are bearing the brunt of the disruption.

The full breadth of affected user segments has not yet been disclosed, but given Microsoft 365’s penetration in enterprise environments, the impact is expected to extend to corporate email, Teams collaboration, SharePoint, and any third-party integrations relying on Microsoft Entra ID for federated authentication.

Conditional Access policies that enforce MFA compliance are also likely affected, potentially preventing device logins, VPN authentication, and access to cloud-hosted business applications that use Entra ID as their identity provider.

In its latest service update posted at 9:27 PM IST, Microsoft stated it is actively reviewing Microsoft Entra logs and network telemetry signals to isolate the root cause of the issue.

Entra ID, formerly known as Azure Active Directory, serves as the backbone of Microsoft’s identity and access management platform. Investigating telemetry at this layer suggests the issue may be rooted in an authentication gateway, load balancer, or backend processing component within the Entra infrastructure.

Microsoft has pushed two prior status updates during the incident window at 8:23 PM and 8:56 PM IST, indicating active engagement from the engineering team, though no estimated time of resolution has been provided at this stage.

For security-conscious organizations, MFA downtime presents a complex operational dilemma. Disabling MFA to restore access introduces unacceptable identity risk, while maintaining enforcement leaves users locked out of critical systems.

IT administrators are advised to monitor the Microsoft 365 Service Health Dashboard under incident ID MO1237461 for real-time updates and to evaluate whether temporary policy adjustments are warranted based on business continuity requirements.

The company’s public status page (status.cloud.microsoft) currently shows all services as operational, but the detailed incident details are only available to tenants via the admin center.

The issue was detailed in service health alert MO1237461, visible in the Microsoft 365 admin center. The official description reads: “We’re investigating an issue in which users in the United States may be experiencing 504 gateway timeout errors when trying to access services that require Multi-Factor Authentication (MFA).

Microsoft has not yet attributed the issue to a specific technical failure or confirmed whether any security-related events are associated with the degradation.

What Affected Users and Admins Can Do

• Monitor the Service Health dashboard in the Microsoft 365 admin center for updates on MO1237461.
• Try signing in from a different network, device, or browser, or temporarily disable MFA prompts where policies allow (not recommended for production accounts).
• Contact Microsoft Support if business-critical access is blocked.

This is a developing story. Microsoft’s official @MSFT365Status account on X has started sharing updates, and several real-time news sources have posted the same incident details in the past hour.

Users are advised to monitor their tenant’s service health dashboard for the latest updates, as detailed incident information is usually shared there first.

We will keep the story updated.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.