Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users.
Recipients may receive a single-use access code via a separate email to open an encrypted message in Gmail, Yahoo, or other email clients without a Microsoft 365 subscription. This OTP message allows them to view the encrypted email on the Office 365 Message Encryption portal.
However, as the company explains in a new service alert published in the admin center, some users may not receive OTP emails because of a known Domain Name System (DNS) record misconfiguration.
“Some users expecting to receive OTP email messages for encrypted email messages in Exchange Online may be impacted,” Microsoft said.
“DNS records for the domain that provides OTP email messages to encrypted messages became misconfigured, which is causing impact. We’ve corrected the DNS record configurations for the affected domain and are reaching out to a sample of affected users to confirm whether the impact is remediated.”
In a previous update regarding this incident, Microsoft noted that the OTP delivery problems are due to the removal of DNS records for the domain that generates access codes for encrypted messages.
It also added that the known issue specifically affects users who have a process set up to perform DNS checks on incoming email messages.
While Microsoft has yet to provide detailed information about the extent of the incident, the company has identified it as a critical service issue in the Microsoft 365 admin center, indicating that it has a significant impact on users.
In February, Microsoft resolved a widespread issue causing Entra ID DNS authentication failures, which were triggered by a DNS change that resulted in DNS resolution failures for the autologon.microsoftazuread.sso.com domain.
In recent years, Microsoft has had to address outages and incidents caused by DNS issues, including one in August 2023 that was triggered by a misconfigured DNS SPF record, resulting in worldwide Hotmail email delivery failures.
Two years earlier, in April 2021, a code defect was responsible for a global outage that affected many Microsoft servicesdue to overloaded Azure DNS servers.
While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.
Drawing from Wiz’s detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.