Correct TTL value for domain MX record

Hi knowledgeable,

Should be 60 mins.

Is 60 minutes the recommended setting for an Office 365 domain?

What happens if it is set higher?

The organization I am currently working for has it set to 24 hours. Will that present a problem or a security risk?

In you office 365 admin centre you can run the domain verification tool which will tell you what ttl to use for mx records.

The organization I am currently working for has their email domain MX record set to 24 hours. Will that present a problem or a security risk?

We often set it as 3600 seconds ~ 1 hour

Frankly, there isn't any "correct" setting.  Whatever setting doesn't impact security at all.  A shorter TTL will result in more DNS queries, but has the advantage that if any change to the record is made, clients will generally be aware of the change sooner.  A longer TTL has the advantage that if the authoritative DNS server for the record is unavailable for a while, fewer clients will generally be impacted.

I say "generally" above, because whether it's a short TTL or long TTL, for a specific client, how long the record has left in the cache before a new query is sent depends on when the last query was the resulted in the record being cached.  In other words, even though a record may have a TTL of 24 hours, at a given time it may have only a few seconds before that time is up and it will have to query the DNS servers again.