Thanks. The more information the better we will be off.

ok, so turned  off and on after a few minutes, i did both  AMP and IDP   and all my broke apps started to work again,    in my case all the affected apps  are  in house devs,  so this issue may expand further than just MS apps.

We saw multiple apps affected. Duo, Datto RMM, Infor, Microsoft, Anyconnect because it uses Azure AD to authenticate, etc... Hated the lack of information in Microsoft's incident and Meraki's posture, the impact of that rule should have been assessed correctly.

Turning IPS off and back on again does not appear to have fixed all of our customers.

I think I'll just turn IPS off for a couple of hours till the new signature updates roll out.

hello guys 

we got the below explanation from Meraki support engineer. actually, there is no enough information. but you can just take a look. 

https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/15...

https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2022-35748

Also  you can see following popup on Meraki dashboard. 

10-Aug-2022: We have received reports of customers experiencing select Microsoft 365 service outages because of Snort rule 1-60381 blocking CVE-2022-35748. The Snort rules have been removed to reduce the impact. A fix has been pushed out at and any pending issues should auto-resolve by 3:00PM PST

We just tried a couple of apps about 10 minutes ago and No Joy!

Even though its way past 3 PM PST and they mentioned that no config changes are required, We are still unable to access those apps and our Security center is still shows numerous blocks to the same signature!

Hello @Dee120  unfortunately new announcement  is below 

'10-Aug-2022: We have received reports of customers experiencing select Microsoft 365 service outages because of Snort rule 1-60381 blocking CVE-2022-35748. The Snort rules have been removed to reduce the impact. A fix has been pushed out and any pending issues should auto-resolve by 6:00PM PST.'