Urgent ESA Issue - 2021-09-24-1
Incident Report for Security: Urgent Notices
Monitoring
Microsoft continues working on their machine learning algorithm to categorize encrypted envelopes accurately.
Microsoft's team is still working on a global and permanent fix.
Cisco continues submitting evidence to Microsoft for accelerating their machine learning input.
Cisco suggest to set up SPF, DKIM and DMARC records to mitigate the impact.
ETA for next update: Monday, October 18th, 2021.
Posted Oct 11, 2021 - 20:15 EDT
Update
Despite Microsoft deploying a workaround last Friday, October 1st, 2021, there is still a high influx of customers being impacted.
Microsoft's team is still working on a global and permanent fix.
Cisco continues submitting evidence to Microsoft that will be used for finding a resolution ASAP.
ETA for next update: Monday, October 11th, 2021.
Posted Oct 05, 2021 - 17:43 EDT
Update
Estimated time to resolve: Microsoft expects this issue to be completely resolved for all affected users by Friday, October 1, 2021.

Root cause: Due to the underlying machine learning logic utilized by Microsoft's anti-spam service, messages incorrectly identified as phish resulted in a poor reputation score for the sender and thus impact.
Posted Sep 27, 2021 - 19:27 EDT
Identified
The issue has been identified and a fix is being pursued.
Posted Sep 27, 2021 - 13:02 EDT
Investigating
Cisco TAC has been receiving reports about email delivery issues when using CRES service, ESA on box encryption, and encryption portal service. If the end-users use Microsoft Outlook or O365 as the client, the encrypted emails are being classified as "High Confidence Phish" by Microsoft and either quarantined or sent to the Junk folder.



Who does it affect?

This only affects our customers who are using Cisco’s encryption service and sending encrypted emails to their clients/customers who use Microsoft O365. Clients using other email clients or services are not affected.



What is Cisco doing?

Cisco is continuing to work with Microsoft to address this issue.



What should customers do?

Microsoft will only respond to its own customers. If you are experiencing issues with the delivery of secure messages to Microsoft customers, we ask that you have your recipients escalate the issue to Microsoft.
Posted Sep 24, 2021 - 17:36 EDT
This incident affects: Cisco Secure Email Encryption Service.