Problem solve Get help with specific problems with your technologies, process and projects.

Users can no longer reach any Microsoft login site. Any ideas?

When users can no longer access certain websites, a proxy is most likely the cause. In this identlty and access management expert response, learn best practices for managing such proxies.

We've had a number of users complain that they can no longer reach their Hotmail site from work or any other login site belonging to Microsoft. This has been happening for about a week. The symptom is to get to the login page, enter the credentials and wait, wait ... no errors, no BSOD, no 404, nothing. It is somewhat strange because the users can take the same laptop that failed access from the office net and successfully log in from home or elsewhere outside the office. Any ideas?
The company is probably using some sort of proxy in the office that blocks access to certain websites. Once someone leaves the office with his or her laptop, he or she is connecting directly to the Internet without a proxy, and is home free.

Proxies like those offered by vendors Blue Coat Systems Inc. and Websense Inc. are used by companies to restrict access to the Web by both preventing employees from going to inappropriate sites and blocking them from inadvertently downloading malware. These products frequently are configured to block access to personal webmail like Hotmail, Yahoo and Google, which are often a source of malware. Companies also block personal email to prevent data leakage from employees that might try, either maliciously or inadvertently, to send out sensitive customer information or proprietary information.

Proxies usually come with a set of default configurations for blocking things like pornography or gambling, but can also be manually configured to include sites a company might deem as time wasters, such as shopping and social networking sites.

Usually, companies have written policies detailing what is appropriate Web usage; such a policy should be clearly communicated to employees with an explanation that all Web traffic is monitored by proxies.

What's odd is that login sites from Microsoft seem to be affected. But there is a pattern here. Since Hotmail is offered by MSN, a Microsoft product, it can be accessed with a Passport or Windows Live ID account, both also offered by Microsoft.

It's possible that the proxy configurations are blocking Passport, Live ID or other Microsoft single-sign on (SSO) IDs, which would block not only Hotmail but also any other Microsoft login. In an effort to block access to personal email, logins to Microsoft sites may have inadvertently been blocked, too.

First, check if the company is using a proxy product for restricting Web and webmail access, then check the settings to make sure Windows SSO products aren't being blocked as well.

More information:

This was last published in June 2008

Dig Deeper on Web authentication and access control

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.