Some Microsoft Outlook users experience login issues when their IT infrastructure uses Microsoft SafeLinks. This feature, part of Microsoft Defender for Office 365, scans URLs within emails to protect users from malicious sites or files. However, it can also inadvertently cause login problems.
The Problem
Affected users report seeing the error message: "You have already requested a login email in the last 5 minutes. Please check your inbox or wait a few minutes before trying again." The common factors among these users include:
All share the same Microsoft IP address.
No cookies are stored from our site.
The Likely Cause
Microsoft SafeLinks seems to be the root of the issue. Here’s how it likely happens:
URL Scanning by SafeLinks: When a user receives a login email with a magic link, SafeLinks scans the URL before the user clicks it.
Preemptive Site Visit: This scanning process involves Outlook accessing the link to check its safety, which appears as a visit from a Microsoft-based IP address assigned to
*.protection.outlook.com.Triggered Login Attempt: This preemptive visit counts as a login attempt, leading to multiple requests from the same IP address in quick succession.
Since SafeLinks hits the URL first, the system records this as a login attempt, preventing the user from logging in immediately after.
The Solution
To resolve this issue, we've implemented an alternative login method using a 6-digit access code. Users can now opt for this code instead of relying solely on the magic link in their email.
Steps for Users
Request a Login Code: Instead of clicking the magic link provided in the login email, instead, use the 6-digit access code provided.
Enter the Access Code: Use the code to log in securely without triggering the SafeLinks scan.
Conclusion
While Microsoft SafeLinks provides an essential security layer, it can cause unintended login issues for users. By offering an alternative login method with a 6-digit access code, we aim to ensure a seamless and secure login experience for all users.