Microsoft is actively resolving a service issue that prevented some Exchange Online users from receiving one-time passcodes (OTPs) required to access encrypted emails. The disruption was caused by a DNS misconfiguration affecting the domain responsible for sending these OTPs.
The issue impacted recipients using external email providers like Gmail and Yahoo, who rely on single-use passcodes to view encrypted messages via the Office 365 Message Encryption portal.
According to a recent service alert in the Microsoft 365 admin center, the DNS records for the domain that dispatches these OTP messages became misconfigured. This led to delivery failures, particularly for users with systems that enforce DNS checks on incoming emails.
“Some users expecting to receive OTP email messages for encrypted email messages in Exchange Online may be impacted,” Microsoft noted. “We’ve corrected the DNS record configurations and are reaching out to a sample of affected users to confirm whether the impact is remediated.”
The company classified the issue as critical, reflecting its broad impact across multiple users and organizations.
This incident adds to a growing list of DNS-related outages Microsoft has faced. Notably, in February 2025, a DNS error caused Entra ID authentication failures, and in August 2023, a misconfigured DNS SPF record led to global Hotmail email delivery problems. In April 2021, a code defect overloaded Azure DNS servers, causing a massive service disruption.
Microsoft is continuing to monitor the situation and will share further updates once full functionality is confirmed.
