Use Cases
Software Products MSPs Schools Development & Marketing DevOps Agencies Help Desk
 
Internet Status Blog Pricing Log In Try IsDown for free now

Outage in Cisco Web Security

Urgent ESA Issue - 2021-09-24-1

Resolved Major
September 24, 2021 - Started over 4 years ago - Lasted 28 days
Official incident page

Incident Report

Cisco TAC has been receiving reports about email delivery issues when using CRES service, ESA on box encryption, and encryption portal service. If the end-users use Microsoft Outlook or O365 as the client, the encrypted emails are being classified as "High Confidence Phish" by Microsoft and either quarantined or sent to the Junk folder. Who does it affect? This only affects our customers who are using Cisco’s encryption service and sending encrypted emails to their clients/customers who use Microsoft O365. Clients using other email clients or services are not affected. What is Cisco doing? Cisco is continuing to work with Microsoft to address this issue. What should customers do? Microsoft will only respond to its own customers. If you are experiencing issues with the delivery of secure messages to Microsoft customers, we ask that you have your recipients escalate the issue to Microsoft.

Need to monitor Cisco Web Security outages?

  • Monitor all your external dependencies in one place
  • Get instant alerts when outages are detected
  • Be the first to know if service is down
  • Show real-time status on private or public status page
  • Keep your team informed
Start monitoring for free
Latest Updates ( sorted recent to last )
RESOLVED over 4 years ago - at 10/22/2021 07:37PM

Microsoft updated its Spam engine and rules earlier this week, and the customers we've heard from have reported this issue as now solved. We're sending the all-clear and marking this incident resolved. If you have any further concerns, please reach out to Cisco TAC.

MONITORING over 4 years ago - at 10/12/2021 12:15AM

Microsoft continues working on their machine learning algorithm to categorize encrypted envelopes accurately.
Microsoft's team is still working on a global and permanent fix.
Cisco continues submitting evidence to Microsoft for accelerating their machine learning input.
Cisco suggest to set up SPF, DKIM and DMARC records to mitigate the impact.
ETA for next update: Monday, October 18th, 2021.

IDENTIFIED over 4 years ago - at 10/05/2021 09:43PM

Despite Microsoft deploying a workaround last Friday, October 1st, 2021, there is still a high influx of customers being impacted.
Microsoft's team is still working on a global and permanent fix.
Cisco continues submitting evidence to Microsoft that will be used for finding a resolution ASAP.
ETA for next update: Monday, October 11th, 2021.

IDENTIFIED over 4 years ago - at 09/27/2021 11:27PM

Estimated time to resolve: Microsoft expects this issue to be completely resolved for all affected users by Friday, October 1, 2021.

Root cause: Due to the underlying machine learning logic utilized by Microsoft's anti-spam service, messages incorrectly identified as phish resulted in a poor reputation score for the sender and thus impact.

IDENTIFIED over 4 years ago - at 09/27/2021 05:02PM

The issue has been identified and a fix is being pursued.

INVESTIGATING over 4 years ago - at 09/24/2021 09:36PM

Cisco TAC has been receiving reports about email delivery issues when using CRES service, ESA on box encryption, and encryption portal service. If the end-users use Microsoft Outlook or O365 as the client, the encrypted emails are being classified as "High Confidence Phish" by Microsoft and either quarantined or sent to the Junk folder.



Who does it affect?

This only affects our customers who are using Cisco’s encryption service and sending encrypted emails to their clients/customers who use Microsoft O365. Clients using other email clients or services are not affected.



What is Cisco doing?

Cisco is continuing to work with Microsoft to address this issue.



What should customers do?

Microsoft will only respond to its own customers. If you are experiencing issues with the delivery of secure messages to Microsoft customers, we ask that you have your recipients escalate the issue to Microsoft.

Latest Cisco Web Security outages

Urgent ESA Issue - 2023-01-14-1 - about 3 years ago
[Reminder] Urgent ESA, SMA, and WSA Field Notice | FN - 72502 - about 3 years ago
Urgent ESA, SMA, and WSA Field Notice - 2022-12-05 - about 3 years ago
Urgent ESA Issue - 2022-09-08-1 - over 3 years ago
Urgent ESA Issue - 2022-09-02-1 - over 3 years ago

The Status Page Aggregator with Early Outage Detection

With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.

Start free trial

No credit card required · Cancel anytime · 5850 services available

Integrations with Slack Microsoft Teams Google Chat Datadog PagerDuty Zapier Discord Webhook