Microsoft ATP Creating Duplicate Jira Service Management Tickets
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Summary
Jira Service Management Cloud users with Microsoft Office 365's email system may experience an issue where duplicate tickets or comments are created. This problem arises when Microsoft's Advanced Threat Protection (ATP) marks emails as unread after scanning their attachments, causing Jira Service Management to process the same email multiple times.
Environment
- Jira Service Management Cloud
- Microsoft Outlook for Office 365 with Advanced Threat Protection (ATP) in Dynamic Delivery mode
Diagnosis
- Check if your organization is using Microsoft Office 365's email system with the Advanced Threat Protection (ATP) feature enabled and set in Dynamic Delivery mode.
- Identify if emails with attachments are being marked as unread after ATP scans the attachments.
- Confirm that duplicate tickets or comments are being created in Jira Service Management, processed within a minute of each other, with the same sender and subject.
- Review the mail handler logs in Jira Service Management. Look for instances where the same email is processed twice within a 1-minute interval.
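The check from the last two diagnosis steps, as an added example (not Atlassian's code): it flags pairs of records with the same sender and subject that were processed within one minute of each other. The record layout, the case and whitespace normalization, and the sample rows are constructed assumptions; adapt the input to whatever your mail handler log or issue export actually contains.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (processed-at timestamp, sender, subject, issue key).
# This layout is an assumption, not the format of any Jira log or export.
SAMPLE = [
    ("2024-03-01T09:00:05", "alice@example.com", "Printer down", "SUP-101"),
    ("2024-03-01T09:00:58", "alice@example.com", "Printer down", "SUP-102"),
    ("2024-03-01T09:05:00", "bob@example.com", "VPN access", "SUP-103"),
    ("2024-03-01T11:30:00", "bob@example.com", "VPN access", "SUP-104"),
    ("2024-03-01T12:00:00", "carol@example.com", "RE: Invoice ", "SUP-105"),
    ("2024-03-01T12:00:59", "Carol@Example.com", "re: invoice", "SUP-106"),
]


def find_duplicates(rows, window=timedelta(minutes=1)):
    """Return sorted (first_key, second_key, gap_seconds) tuples for records
    with the same sender and subject processed within `window` of each other."""
    groups = defaultdict(list)
    for ts, sender, subject, key in rows:
        # Assumption: compare sender and subject case-insensitively and
        # collapse whitespace, so trivial differences do not hide a repeat.
        ident = (sender.strip().lower(), " ".join(subject.split()).lower())
        groups[ident].append((datetime.fromisoformat(ts), key))

    hits = []
    for events in groups.values():
        events.sort()
        # Compare each record with the next one from the same sender/subject.
        for (t1, k1), (t2, k2) in zip(events, events[1:]):
            if t2 - t1 <= window:
                hits.append((k1, k2, int((t2 - t1).total_seconds())))
    return sorted(hits)


if __name__ == "__main__":
    for first, second, gap in find_duplicates(SAMPLE):
        print(f"{second} looks like a duplicate of {first} ({gap}s apart)")
```

A legitimate follow-up sent hours later with the same subject (the `bob@example.com` rows) is not flagged, because only repeats inside the one-minute window match the pattern described here.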
Cause
The problem is caused by the interaction between Jira Service Management's Email Processor and Microsoft's Advanced Threat Protection (ATP) in Dynamic Delivery mode. The sequence of events is:
- The Jira Service Management Email Puller identifies unread emails in the mail handler's inbox.
- These unread emails are processed by Jira Service Management Email Processor, and subsequently marked as read.
- Microsoft's ATP, operating in Dynamic Delivery mode, then starts to scan the attachments of these now-read emails.
- After ATP completes the attachment scan, it marks these emails as unread again.
- The JSM Email Puller, continuing its cycle of looking for unread emails every minute, identifies these emails as new, unread emails.
- The same emails are processed again by JSM Email Processor, leading to the creation of duplicate tickets/comments.
Solution
To resolve this issue, you need to change the ATP scan mode from Dynamic Delivery to a mode that delays the delivery of the email until the attachment scan is completed. This will prevent emails from being marked as unread after scanning, thereby stopping Jira Service Management from processing the same email multiple times.
To change the ATP scan mode, follow the steps in the Microsoft guide "Use the Microsoft 365 Defender portal to enable or disable custom Safe Attachments policies".