The authentication links that MSBA emails to end users are one-time-use only. Certain email security platforms like ones made by Barracuda or Mimecast are capable of crawling these authentication links, thereby invalidating the link and preventing the end user from logging in to MSBA.org. The solution to this is to configure these systems to bypass URL scanning for authentication emails sent from MSBA.
For Barracuda: Add *.msba.org to the “Link Protection Domain Whitelist” field under “Mail Security”.
For Mimecast: Under Administration -> Gateway | Policies -> URL Protection Bypass, create a URL Protection Bypass policy with the option “Disable URL Protection” for email addresses based on msba.org.
Refer to your mail security system’s documentation for more specific instructions.