Privacy Ninja

Microsoft 365 Outage Triggered by Meraki Firewall False Positive

Microsoft 365 Outage Triggered by Meraki Firewall False Positive

An ongoing outage affects multiple Microsoft 365 services, blocking users from connecting to Exchange Online, Microsoft Teams, Outlook desktop clients, and OneDrive for Business.

While Microsoft says that this incident has only affected customers in the EMEA (Europe, the Middle East, and Africa) region, users have been reporting server connection issues and sign-in failures worldwide.

“At this time, impact appears to be specific to some users who are served through the affected infrastructure in Europe, Middle East, and Africa,” the company said in a service alert.

Also Read: Do Not Call Registry Penalty: Important Tips To Consider

“We’re reviewing system telemetry to isolate the source of the issue. Additionally, we’re working with impacted users to gather network trace logs to assist our investigation.”

While Microsoft says it’s still investigating the issue, this ongoing outage is most likely linked to a Cisco Meraki firewall Intrusion Detection and Prevention (IDR) false positive blocking Microsoft 365 connections with “Microsoft Windows IIS denial-of-service attempt” alerts.

“We would like to make you aware of a vulnerability reported by Microsoft CVE-2022-35748 , triggering SNORT rule 1-60381,” a Cisco Meraki employee said on Wednesday.

“SNORT is correctly protecting your networks from a known vulnerability and therefore operating as intended.

“Our recommendation at this time is to follow Microsoft’s guidance and ensure that your Servers, OS and software are up to date with the latest security patches.”

As shared by multiple customers who managed to work around this issue, admins who want to restore Microsoft 365 connectivity on impacted systems can allow list IPS rule ID 1-60381 from their organization’s Meraki dashboard > Security & SD Wan > Threat Protection > Allow List rules.

Also Read: Facts About Accountability PDF That You Need to Know About

Update August 10, 16:42 EDT: Microsoft confirmed that the outage was the result of Snort rule 1-60381 and says Cisco Meraki disabled the affected rule, with the change to propagate within 1-2 hours.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us