Sure depends on the architecture. When the auth service is down, everything else should be down. But when the "optional feature" service is down, a core component should be unaffected by that.

Split up services where it makes sense and don't over do it. That's how I design my projects.

When the auth service is down, only new authentications should fail. Existing auth sessions should continue to function just fine. This exact failure mode occured at Google in early 2021 which caused a fairly big outage but not as big as it could have been because of this design choice.

For many websites, there is considerable amount of content that should be available if auth is down. Think eshops, news portals, etc.

You design your microservices so that they gracefully degrade.

So if a database service is not available you simply return stale, cached data until the service is back up.