We see the same thing. One of my team is sailing around in the portal, even opening new tabs and it all is just working.
But I can't create a new session, even when remoted into an Azure-hosted VM. All our servers and services seem to be running fine; it just seems to be the portal.azure.com website that is impacted.
Probably because the actual portal service call happens at new page load.
Metric pages and everything else are data plane/control plane info most likely, which is coming from other services.
An easy way to validate this would be using fidler or similar to analyze the traffic that happens in the loaded page.
This is exactly the case. API calls/cli tools never went down because they tickle the control plane APIs directly, and the Portal also tickles those APIs directly. The Portal seems to just be a client-side web app, and the CDN serving that and what ever minimal server-side infra that makes login work, etc was what was targeted by the ddos
But I can't create a new session, even when remoted into an Azure-hosted VM. All our servers and services seem to be running fine; it just seems to be the portal.azure.com website that is impacted.