On August 10, 2022, at ~8:44AM EST, Microsoft communicated via tweet (@MSFT365status) that they were investigating an issue where some users in the EMEA region were unable to connect to some Microsoft 365 services.
For IT pros or system admins, additional information could be found under SI MO411804 in the admin center.
Reports indicated the service issues was due to a Cisco Meraki firewall Intrusion Detection and Prevention (IDR) false positive blocking Microsoft 365 connections with "Microsoft Windows IIS denial-of-service attempt" alerts. According to a Cisco Meraki employee, "We would like to make you aware of a vulnerability reported by Microsoft CVE-2022-35748 , triggering SNORT rule 1-60381".
The employee also stated, "Our recommendation at this time is to follow Microsoft's guidance and ensure that your Servers, OS and software are up to date with the latest security patches."
We’re investigating an issue where some users in the EMEA region are unable to connect to some Microsoft 365 services. More details are available in the admin center under the SI MO411804.
— Microsoft 365 Status (@MSFT365Status) August 10, 2022
Over an hour later, Microsoft provide another update that traffic is being blocked across multiple regions.
Our investigation is focused on a potential issue where legitimate Microsoft traffic is being blocked across multiple regions. More details are available in your admin center under the SI MO411804.
— Microsoft 365 Status (@MSFT365Status) August 10, 2022
Later that day, Microsoft provided temporary solutions around disabling snort rule 1-60381.
We're working with our firewall partners to investigate snort rule 1-60381. We've received confirmation from some affected users that disabling the rule provides immediate relief. Additional information can be found in the admin center under MO411804.
— Microsoft 365 Status (@MSFT365Status) August 10, 2022
An hour after that update, Microsoft alerted users that the third party disabled the affected rule.
The third-party provider has disabled the affected snort rule and anticipate that the change should fully propagate within 1-2 hours. We've verified that this change will mitigate impact for all users. Additional details are available in the admin center under MO411804.
— Microsoft 365 Status (@MSFT365Status) August 10, 2022
In a cloud-world, outages are bound to happen. While Microsoft is responsible for restoring service during outages, IT needs to take ownership of their environment and user experience. It is crucial to have greater visibility into business impacts during a service outage the moment it happens.
ENow’s Office 365 Monitoring and Reporting solution enables IT Pros to pinpoint the exact services effected and root cause of the issues an organization is experiencing during a service outage by providing:
Identify the scope of Office 365 service outage impacts and restore workplace productivity with ENow’s Office 365 Monitoring and Reporting solution. Access your free 14-day trial today!