Exchange Online Service Alert - Encrypted Email messages via Exchange Online
Incident Report for AppRiver
Resolved
Exchange Online service alert

Advisory information
Title: Some users are unable to send encrypted email messages using newly created sensitivity labels
ID: EX307425

Status
Service Restored

Details
Title: Some users are unable to send encrypted email messages using newly created sensitivity labels

User Impact: Users' encrypted email messages using newly created sensitivity labels failed to be sent through Exchange Online.

Final status: We've confirmed that the fix has now completely saturated the affected infrastructure and the user impact is remediated.

Scope of impact: Impact was specific to a subset of users serviced through the affected infrastructure.

Start time: Tuesday, November 23, 2021, at 8:00 AM UTC

End time: Friday, January 14, 2022, at 2:00 AM UTC

Root cause: A recent change intended to optimize the infrastructure introduced a code error, which was causing Rights Management Services (RMS) processes to fail, causing errors and resulting in impact.

Next steps:
- To help prevent similar impact in the future, we're further reviewing the code error which was introduced by the change intended to optimize the infrastructure.

This is the final update for the event.

Thank you,
The Microsoft team
Posted Jan 14, 2022 - 07:00 CST
Update
EX311826



January 10, 2022 11:24 AM
Title: Recipients are unable to open encrypted email messages sent via Exchange Online



User Impact: Recipients are unable to open encrypted email messages sent via Exchange Online.



More info: Affected users can use One Time Password (OTP) as an alternative method to open encrypted email messages; however, when using this method, users should not select the option which states "This is a private computer. Keep me signed for 12 hours." Selecting this option will result in impact and is being addressed with the secondary fix.



Current status: We've received feedback from affected users that messages sent leveraging transport rules on legacy encryption methods are still experiencing impact when opened via desktop browsers. Upon reviewing the data provided by these users, we've confirmed that the code path used by some legacy encryption methods wasn't addressed with the initial fix for desktop scenarios but is subsequently covered with the ongoing deployment meant to address the mobile web client. This fix has currently saturated to eight percent across the affected environments, and we're monitoring its progress and will provide an update on the deployment timeline during our next scheduled update in efforts to identify an approximate remediation date.



Scope of impact: The issue may impact any users sending external encrypted email messages.



Start time: Friday, December 17, 2021, 1:28 AM (7:28 AM UTC)



Root cause: A compatibility issue with the Outlook on the web legacy codebase is causing message decryption failures.



Next update by: Friday, January 14, 2022, 1:00 PM (7:00 PM UTC)
Posted Jan 11, 2022 - 13:19 CST
Identified
January 8, 2022 11:55 AM

Title: Recipients are unable to open encrypted email messages sent via Exchange Online

User Impact: Recipients are unable to open encrypted email messages sent via Exchange Online. More info: Affected users can use One Time Password (OTP) as an alternative method to open encrypted email messages; however, when using this method, users should not select the option which states "This is a private computer. Keep me signed for 12 hours." Selecting this option will result in impact and is being addressed with the secondary fix.

Current status: We've validated within our test environment that impact is remediated for the mobile web clients, and we're proceeding with deployment of the fix to affected environments. Based on initial metrics, we estimate that the fix for mobile scenarios should be saturated by Monday, January 17, 2022 and we'll monitor the fix as it saturates to ensure it completes as expected. In parallel, we're standing by for further user feedback to ensure that the desktop web client scenario is resolved.

Scope of impact: The issue may impact any users sending external encrypted email messages.

Start time: Friday, December 17, 2021, 1:28 AM (7:28 AM UTC)

Root cause: A compatibility issue with the Outlook on the web legacy codebase is causing message decryption failures.

Next update by: Monday, January 10, 2022, 1:00 PM (7:00 PM UTC)
Posted Jan 10, 2022 - 11:02 CST
Investigating
Exchange Online service alert

Incident information
Title: Recipients are unable to open encrypted email messages sent via Exchange Online
ID: EX311826

Status
Service Degradation

Details
Title: Recipients are unable to open encrypted email messages sent via Exchange Online

User Impact: Recipients are unable to open encrypted email messages sent via Exchange Online.

More info: Affected users could have used a One Time Password (OTP) as an alternative method to open encrypted email messages.

Current status: We've received reports that impact associated with EX307758 persists in some environments, and we've determined that the fix didn't fully saturate all affected environments as expected. We're working to complete the deployment process to remediate impact for the remaining affected users, and we'll have a more precise deployment timeline in our next update. Users may experience gradual relief as the fix progresses throughout their environment.

Scope of impact: The issue may impact any users sending external encrypted email messages.

Start time: Friday, December 17, 2021, at 7:28 AM UTC

Root cause: A compatibility issue with the Outlook on the web legacy codebase is causing message decryption failures.

Next update by: Saturday, January 8, 2022, at 12:00 AM UTC

Thank you,
The Microsoft team
Posted Jan 05, 2022 - 16:16 CST
This incident affected: Office 365.