Microsoft 365 Alert: Service degradation – OneDrive for Business – Users will see a frozen white screen when attempting to sign into the OneDrive for Business sync app – RESOLVED

Announcements Aftab Alam

23-09-2021 08:38:00 AM (BST)

Issue Reported : 13/09/2021 08:26:00PM

Microsoft Reference : OD286672

NHSmail Reference : INC24011480

Issue Status: RESTORED

Issue Description: Users will see a frozen white screen when attempting to sign into the OneDrive for Business sync app.

More info: This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.

This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.

Microsoft confirmed that users with Mobile Device Management (MDM) enabled devices can add the following reg key as a workaround: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 2767781516 /t REG_DWORD /d 0 /f

Microsoft also confirmed with affected users that disabling Export Address Filtering (EAF) is a potential workaround to alleviate the impact. Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF) and mitigate the impact.

Alternatively, this issue can be mitigated using Known Issue Rollback (KIR):

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831.

For enterprise-managed devices that have installed an affected update and encountered this issue, it can be mitigated by installing and configuring a special Group Policy installed via an MSI file available for:

– Windows 10, version 1809 and Windows Server 2019: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi

– Windows 10, version 1909: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi

– Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(2004%20,%2020H2%20and%2021H1)%20Known%20Issue%20Rollback%20091721%2001.msi

– Windows Sever 2022: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%20Server%202022%20Known%20Issue%20Rollback%20091821%2001.msi

Note: Devices will need to be restarted after configuring the special Group Policy. For help, please see the following:

https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback

For general information on using Group Policies, see:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)

Please note that many Mobile Device Management (MDM) customers can’t deploy group policies. Customers unable to deploy group policy settings for the KIR should open support cases for further assistance.

Scope of impact: This issue could have affected any user attempting to sign into the OneDrive for Business sync app if their organization leveraged Exploit Protection (EP) and Export Address Filtering (EAF) settings for applications and had applied KB5005565 update.

Final Update – 30/10/2021 08:33:00 AM: After an extended period of monitoring, and several confirmations that impact had been remediated from previously impacted users, Microsoft declared the incident resolved.