SHAREPOINT ONLINE INTEGRATION OUTAGE
1. Incident Identification
- Incident Title: SharePoint Online Integration Failure with Enterprise Portals
- Reported By: 2018ruthmwangi@gmail.com to jkimathi@kemri.go.ke and others copied.
- Date of Occurrence: 19th August 2025 – 22nd August 2025
- Date of Resolution: 22nd August 2025 at 02:00 AM
- System Affected: SharePoint Online REST/OData API integration with enterprise portals, e.g. ESS
- Severity Level: High: Critical Business Functionality Impaired
2. Incident Description
During the period from 19th to 15th August 2025, integration between SharePoint Online and enterprise portals failed due to authentication issues. The failure impacted access to SharePoint REST/OData APIs from PHP-based applications, disrupting data exchange and portal functionality.
3. Root Cause Analysis
- Primary Cause: Microsoft deprecated SAML-based authentication for SharePoint REST/OData APIs.
- Secondary Cause: Lack of immediate documentation and guidance on enabling custom app authentication within the Azure tenant.
- Affected Component: PHP authentication library `vgrem/phpSPO` used in enterprise applications.
4. Impact Assessment
- Business Impact: Temporary disruption in portal services relying on SharePoint data.
- Data Integrity: No data loss or corruption reported.
- Security Impact: No unauthorized access or breach detected.
- Compliance Risk: Minimal, as the issue was resolved within a reasonable timeframe and no sensitive data was exposed.
5. Timeline of Events
Date/Time (UTC) | Event Description | Status |
---|---|---|
Aug 19, 2025, 09:00 | Initial alerts generated; SharePoint integrations begin failing with authentication errors. | Detected |
Aug 19 - Aug 14 | Investigation phase. Team combed through Microsoft documentation to identify the cause (SAML deprecation). | Diagnosing |
Aug 20 | Root cause confirmed. Microsoft's recommended remediation path (Azure Entra App Registration) identified. | Diagnosed |
Aug 21 | Remediation: Efforts continued, vendors were involved but no solution was preferred. | Working |
Aug 22, Evening | Remediation Delay: Development of new auth flow stalled due to missing tenant-level setting ("Allow custom app authentication"). The required tenant configuration parameter was identified with the aid of Microsoft Copilot LLM. | Breakthrough |
Aug 22, 02:00 | Configuration applied: 1) Enabled custom app authentication on tenant. 2) Updated application to use new ClientID/Secret flow. Service restored. | Resolved |
6. Remediation Process
- Reviewed Microsoft documentation regarding the deprecation of SAML authentication.
- Followed Microsoft’s recommendation to:
  - Create an application in Azure Entra.
  - Use the app’s `clientID` and `clientSecret` to generate a bearer token for API access.
- Evaluated compatibility and limitations of the `vgrem/phpSPO` library.
- Identified missing configuration for enabling custom app authentication in the Azure tenant.
- Enabled custom app authentication and successfully generated access tokens using application credentials.
7. Resolution
- Date & Time: 19th August 2025 at 02:00 AM
- Actions Taken:
  - Enabled custom app authentication on Azure Entra.
  - Generated bearer tokens using application credentials.
  - Restored integration functionality between SharePoint Online and enterprise portals.
8. Lessons Learned
- Authentication Changes: Cloud service providers may deprecate legacy authentication methods without sufficient early warning.
- Documentation Gaps: Critical configuration steps (e.g., enabling custom app authentication) may not be clearly documented.
- Tool Effectiveness: Microsoft Copilot LLM proved invaluable in troubleshooting and navigating Microsoft’s documentation.
9. Preventive Measures
- Monitoring: Implement monitoring for authentication method changes and API deprecations.
- Documentation: Maintain internal documentation for Azure app registration and token generation processes.
- Secret Management: Track and renew `clientSecret` every 180 days via Azure Entra → App Registration → Certificates & Secrets.
- Library Review: Periodically review and update third-party libraries used for authentication.
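
One way to support the secret-management measure above, as an added example (not part of the original report or of `vgrem/phpSPO`): a Python audit that checks each app registration's client secret against the 180-day renewal interval. The inventory and audit date are constructed, with records shaped like the `passwordCredentials` field of a Microsoft Graph `application` object; the app names and the 30-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone

ROTATION = timedelta(days=180)  # renewal interval stated in this report
WARN = timedelta(days=30)       # assumption: how early to raise a reminder

def _app(name, start, end):
    # Constructed record shaped like a Microsoft Graph `application` object.
    return {"displayName": name, "passwordCredentials": [
        {"displayName": "prod", "startDateTime": start, "endDateTime": end}]}

# Constructed inventory and audit date; none of these are real app registrations.
SAMPLE_APPS = [
    _app("ess-portal-sharepoint", "2025-08-22T02:00:00Z", "2026-02-18T02:00:00Z"),
    _app("hr-portal-sharepoint", "2025-01-10T00:00:00Z", "2027-01-10T00:00:00Z"),
    _app("legacy-intranet", "2025-03-01T00:00:00Z", "2025-08-28T00:00:00Z"),
    _app("reports-portal", "2025-12-01T00:00:00Z", "2026-05-30T00:00:00Z"),
]
SAMPLE_NOW = datetime(2026, 1, 25, tzinfo=timezone.utc)

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # aware UTC datetime

def audit_secrets(apps, now):
    """Return one finding per client secret, judged against the rotation policy."""
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials", []):
            start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
            renew_by = min(start + ROTATION, end)
            if now >= end:
                status = "EXPIRED"   # token requests with this secret fail
            elif now >= renew_by:
                status = "OVERDUE"   # still valid, but older than the policy allows
            elif renew_by - now <= WARN:
                status = "DUE_SOON"
            else:
                status = "OK"
            findings.append({
                "app": app["displayName"], "secret": cred["displayName"],
                "status": status, "days_to_renewal": (renew_by - now).days,
                "lifetime_exceeds_policy": end - start > ROTATION})
    return findings

if __name__ == "__main__":
    for f in audit_secrets(SAMPLE_APPS, SAMPLE_NOW):
        flag = "  [lifetime > 180d]" if f["lifetime_exceeds_policy"] else ""
        print(f"{f['status']:<8} {f['app']}/{f['secret']}: {f['days_to_renewal']}d{flag}")
```

A secret configured with a lifetime longer than 180 days is reported as OVERDUE once it passes the interval even though it still authenticates, which is the case an expiry-only check would miss.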
10. Reporting & Compliance
- Report Prepared By: Francis Mwangi, ICT Officer
- Date of Report: 23rd August 2025
- Compliance Reference: ISO/IEC 27001:2013 – A.5.26 Response to Information Security Incidents