Forum Discussion
General Question: Microsoft 365 admin console tab label
- Admin.microsoft.com uses resources hosted on res.cdn.office.net for those tab titles. In this case, that request looks like this:
GET https://res.cdn.office.net/admincenter/admin-pkg/2024.3.28.1/en/jsc/reactadminbootstrap.js HTTP/1.1
Host: res.cdn.office.net
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://admin.microsoft.com/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Although the path contains "en" as the lang code, the strings are (as everyone noted) in Croatian. All the other locales I tested (it, de, etc.) don't appear to have the same bug. Just "en." Also, res.cdn.office.net uses Akamai as a content delivery network, and this .js file is cached with Cache-Control max-age=630720000 (20 years?). So even if it was fixed on the origin servers, the Akamai cache would have to be purged, or they would have to use a new file path, and that appears to be their approach (this one has the release date /2024.3.28.1/ in the path).
This has already been confirmed to be a bug that Microsoft is working on by other members, I just wanted to provide some additional details based on what I see.
Glad its not just me. Opened a ticket with Microsoft about 15 min ago claiming our hybrid tenant was under a possible cyber attack. They called me back and confirmed it is not a cyber attack, but is a known issue that their Engineering team is working on. They'll follow up once they have more info.
Follow up response from MS:
Thank you for reaching out to us regarding the issue you’ve been experiencing. We appreciate your patience and would like to provide you with some important updates.
Not a Cyber Attack: We want to assure you that the issue you’re facing is not related to a cyber attack. Our security team has thoroughly investigated, and we can confirm that your account remains secure.
Known Issue: We understand the inconvenience this has caused you. Please be aware that this issue is a known problem, and we are actively working on resolving it.
Engineering Team Involvement: Our dedicated engineering team is currently working diligently to address this issue. Rest assured, we are committed to finding a solution as quickly as possible.
Account Security: Your account remains safe, and there is no indication of any unauthorized access. We take security seriously, and our systems are continuously monitored.
Ticket Status: We will keep your ticket open and provide updates as we make progress. Please keep your lines open or check your email periodically for any communication from us.
If you have any further questions or concerns, feel free to reply to this email or contact our support team directly. We appreciate your understanding and cooperation.
- That's reassuring as one gets very fidgety when weird things happen with the admin console!
SysAdmin1010 For some reason, this does not give me a sense of "all is well, nothing to see here, move along." I would think if it was something as simple as an incorrect location provision in a tenant's tabs, it would be a pretty straight forward fix. I also have a hard time thinking some junior programmer could update code that would cause this kind of error especially when it has affected a wide range of tenant locations and all levels up to E5. Could be, I'm just paranoid...
