Check the certificate through "view certificate". Check validity, common name and SAN fields. Are they correct? if so, and the issue just surfaced, just wait. It may be transient. I met some of these errors myself and they disappeared after a while.
Not nice, but no means to investigate further since the error went away in an handful of hours

either they to recreate the profile or reboot the computers if these mailboxes are in o365.

It is actually a valid Cert.

In Details tab you'll find additional info. Also you can check here the office url. Is it the same cert?
https://www.sslshopper.com/ssl-checker.html?

In my case it was not but the issue disappered by itself.

There was a known issue that caused this last week (EX148344 ), it seems to be still recurring. I've pinged some folks on this, and you should open a support ticket in the portal to have this prioritized.

As the cert dies seem valid, can you also check any intermediates and the root?

I do not see anywhere that MS resolved the issue. We still getting the popp ups all over.

I found the issue on the portal by looking for the EX148344 (see attachment).  MS claims that they resolve the issue...
EX148344_en-us_docx.docx

MS came with the "fix" by adding the registry entry "ExcludeHttpsRootDomain" with value 1 in  Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover -- but still an issue...

https://outlook.office365.com is running both TLSv1.0 + TLSv1.1 which many sites + email clients + browsers have deprecated, reporting sites running these protocols as suspicious.

That's my guess.

There's nothing you can do about this, unless you're an admin on this site + can correct the SSL config to crop both these old/deprecated protocols.

Likely best to open a support ticket asking them to fix their SSL config

It’s got to be a way to fix it…
Here what found out: if I take users device out of my network (literally anywhere) everything works great and no pop ups. Once I put it back the security message will came back no matter machine joined to domain or not.

MS "found" the old case that related to many hops (routs) the packet travels via ISP. They claim that this is the ISP issue. In my case it is Comcast. I trace the packet from my home and from work environment. I have the way higher performance the lowest latency at the work place than home and almost no differences between the probes at work comparing home network. I do not believe the issue related to ISP, but I will wait on MS when they send me a proof.

I think the MS person you spoke with is highly confused.

Number of hops + link speed have no correlation to an SSL error.

Yeah...
The strange part is that no issues outside of domain....

Hey David,
What tool do you use scanning the https://outlook.office365.com? Thank you

Thank you all for your help!!!

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: 'David Favor' (https:#a42691846)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer