Duplicate Ticket Creation in Jira Service Management DC due to Microsoft's Advanced Threat Protection (ATP) in Dynamic Delivery mode
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Jira Service Management users with Microsoft Office 365's email system may experience an issue where duplicate tickets or comments are created. This problem arises when Microsoft's Advanced Threat Protection (ATP) marks emails as unread after scanning their attachments, causing Jira Service Management to process the same email multiple times.
Environment
- Jira DC
- Microsoft Outlook for Office 365 with Advanced Threat Protection (ATP) in Dynamic Delivery mode
Diagnosis
- Check if your organization is using Microsoft Office 365's email system with the Advanced Threat Protection (ATP) feature enabled and set in Dynamic Delivery mode.
- Identify if emails with attachments are being marked as unread after ATP scans the attachments.
- Confirm that duplicate tickets or comments are being created in Jira Service Management, processed within a minute of each other, with the same sender and subject.
- Review the mail handler logs in Jira Service Management. Look for instances where the same email is processed twice within a 1-minute interval.
Cause
The root cause of this problem revolves around the interactions between Jira Service Management's Email Processor and Microsoft's Advanced Threat Protection (ATP) in Dynamic Delivery mode. Here's a step-by-step breakdown of what happens:
- The Jira Service Management Email Puller identifies unread emails in the mail handler's inbox.
- These unread emails are processed by Jira Service Management Email Processor, and subsequently marked as read.
- Microsoft's ATP, operating in Dynamic Delivery mode, then starts to scan the attachments of these now-read emails.
- After ATP completes the attachment scan, it marks these emails as unread again.
- The JSM Email Puller, continuing its cycle of looking for unread emails every minute, identifies these emails as new, unread emails.
- The same emails are processed again by JSM Email Processor, leading to the creation of duplicate tickets/comments.
Solution
To resolve this issue, you need to change the ATP scan mode from Dynamic Delivery to a mode that delays the delivery of the email until the attachment scan is completed. This will prevent emails from being marked as unread after scanning, thereby stopping Jira Service Management from processing the same email multiple times.
Follow the steps in this guide to change the ATP scan mode: Use the Microsoft 365 Defender portal to enable or disable custom Safe Attachments policies
Please note that as this involves changing settings in your Microsoft Office 365 configuration, it's recommended that you consult with your IT or system administrator before making these changes.
Additional Resources
- Dynamic Delivery mode
- Jira Service Management - Troubleshooting why the JSM Mail Handler stopped processing new incoming emails
- Use the Microsoft 365 Defender portal to enable or disable custom Safe Attachments policies