SHAREPOINT ONLINE INTEGRATION OUTAGE

1. Incident Identification

  • Incident Title: SharePoint Online Integration Failure with Enterprise Portals
  • Reported By: 2018ruthmwangi@gmail.com to jkimathi@kemri.go.ke and others copied.
  • Date of Occurrence: 19th August 2025 – 22nd August 2025
  • Date of Resolution: 22nd August 2025 at 02:00 AM
  • System Affected: SharePoint Online REST/OData API integration with enterprise portals, e.g., ESS
  • Severity Level: High: Critical Business Functionality Impaired

2. Incident Description

During the period from 19th to 15th August 2025, integration between SharePoint Online and enterprise portals failed due to authentication issues. The failure impacted access to SharePoint REST/OData APIs from PHP-based applications, disrupting data exchange and portal functionality.

3. Root Cause Analysis

  • Primary Cause: Microsoft deprecated SAML-based authentication for SharePoint REST/OData APIs.
  • Secondary Cause: Lack of immediate documentation and guidance on enabling custom app authentication within the Azure tenant.
  • Affected Component: PHP authentication library vgrem/phpSPO used in enterprise applications.

4. Impact Assessment

  • Business Impact: Temporary disruption in portal services relying on SharePoint data.
  • Data Integrity: No data loss or corruption reported.
  • Security Impact: No unauthorized access or breach detected.
  • Compliance Risk: Minimal, as the issue was resolved within a reasonable timeframe and no sensitive data was exposed.

5. Remediation Process

  • Reviewed Microsoft documentation regarding the deprecation of SAML authentication.
  • Followed Microsoft’s recommendation to:
    • Create an application in Azure Entra.
    • Use the app’s clientID and clientSecret to generate a bearer token for API access.
  • Evaluated compatibility and limitations of the vgrem/phpSPO library.
  • Identified missing configuration for enabling custom app authentication in the Azure tenant.
  • Enabled custom app authentication and successfully generated access tokens using application credentials.

6. Resolution

  • Date & Time: 19th August 2025 at 02:00 AM
  • Actions Taken:
    • Enabled custom app authentication on Azure Entra.
    • Generated bearer tokens using application credentials.
    • Restored integration functionality between SharePoint Online and enterprise portals.

7. Lessons Learned

  • Authentication Changes: Cloud service providers may deprecate legacy authentication methods without sufficient early warning.
  • Documentation Gaps: Critical configuration steps (e.g., enabling custom app authentication) may not be clearly documented.
  • Tool Effectiveness: Microsoft Copilot LLM proved invaluable in troubleshooting and navigating Microsoft’s documentation.

8. Preventive Measures

  • Monitoring: Implement monitoring for authentication method changes and API deprecations.
  • Documentation: Maintain internal documentation for Azure app registration and token generation processes.
  • Secret Management: Track and renew clientSecret every 180 days via Azure Entra → App Registration → Certificates & Secrets.
  • Library Review: Periodically review and update third-party libraries used for authentication.
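
The secret-tracking measure above can be automated. This is an added example, not part of the original report: it audits an app registration's client secrets against the 180-day renewal interval. It assumes the registration has been exported as JSON in the shape of a Microsoft Graph application object (`passwordCredentials` with `startDateTime` and `endDateTime`); the sample data, secret names and 30-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

ROTATION_DAYS = 180  # renewal interval stated in the report
WARN_DAYS = 30       # assumed lead time before expiry

# Constructed sample, shaped like the passwordCredentials list of a Graph application object.
SAMPLE_APP = json.loads("""{
  "displayName": "portal-sharepoint-integration",
  "passwordCredentials": [
    {"displayName": "portal-2025-03", "startDateTime": "2025-03-14T00:00:00Z", "endDateTime": "2025-09-10T00:00:00Z"},
    {"displayName": "portal-2025-08", "startDateTime": "2025-08-22T02:00:00.1234567Z", "endDateTime": "2026-02-18T02:00:00.1234567Z"},
    {"displayName": "legacy-two-year", "startDateTime": "2023-08-01T00:00:00Z", "endDateTime": "2025-08-01T00:00:00Z"}
  ]
}""")

_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})")

def parse_graph_time(value):
    """Parse an ISO 8601 timestamp; fractions longer than 6 digits are truncated."""
    m = _TS.fullmatch(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, frac, tz = m.groups()
    micro = "." + frac[:6].ljust(6, "0") if frac else ""
    return datetime.fromisoformat(base + micro + ("+00:00" if tz == "Z" else tz))

def audit_secrets(app, now, warn_days=WARN_DAYS):
    """Return one finding per secret: expiry status and whether its lifetime exceeds policy."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "RENEW_NOW"
        else:
            status = "OK"
        findings.append({
            "secret": cred.get("displayName") or cred.get("keyId", "?"),
            "status": status,
            "days_left": (end - now).days,
            "over_policy": end - start > timedelta(days=ROTATION_DAYS),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_secrets(SAMPLE_APP, datetime.now(timezone.utc)):
        print(finding)
```

Run on a schedule, a check like this surfaces an expiring secret before the integration fails, and the `over_policy` flag catches secrets issued with a lifetime longer than the 180-day interval.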

9. Reporting & Compliance

  • Report Prepared By: Francis Mwangi, ICT Officer
  • Date of Report: 23rd August 2025
  • Compliance Reference: ISO/IEC 27001:2013 – A.5.26 Response to Information Security Incidents