Two weeks ago, all our Azure production systems went down, and we received an e-mail from them saying
We’ve disabled your Azure subscription
To protect the security and privacy of your account, we perform routine audits of all Azure subscriptions. During one of these audits, we identified suspicious activity in your subscription that violates the Microsoft Acceptable Use Policy. We’ve disabled your subscription until the issue can be resolved.
If you believe this is an error, please contact Azure support.
We knew of no problem, and had received no previous warnings, so we contacted support. (We have a Standard support plan, which gets us a fairly quick response, but not necessarily a resolution.) After 11 hours (and many e-mails) everything turned on again and we received a message saying simply
You subscription is enabled.
Microsoft have not answered queries for an explanation as to what this "suspicious activity" was, nor how they resolved the situation and were able to enable our account again. They have not explained why they could provide no information about the cause of the problem for the duration of the problem.
Has anyone else experienced this? How can we avoid it in future?
Edit
Microsoft have now responded and said
...we identified that suspicious activity was on the IP that was originally mapped to the service that was deployed on your subscription. IP was hosting a phishing page that was attributed to Azure. Hence our system tracked the subscription and tagged as Terms Of Use Violation. Hence the subscription got suspended.
Still wondering whyThey have also accepted that it took 11 hours to resolve.longer than should have. They gave us a credit for one month's use on that subscription.