Microsoft Defender is mistakenly flagging legit hyperlinks as malicious, and a few prospects have already acquired dozens of alert emails because the points started over 5 hours in the past.
As the corporate confirmed earlier right this moment on Twitter, its engineers are investigating this service incident as a false constructive.
“We’re investigating a problem the place legit URL hyperlinks are being incorrectly marked as malicious by the Microsoft Defender service. Moreover, among the alerts usually are not exhibiting content material as anticipated,” Microsoft said.
“We have confirmed that customers are nonetheless in a position to entry the legit URLs regardless of the false constructive alerts. We’re investigating why and what a part of the service is incorrectly figuring out legit URLs as malicious.”
In an update added to the Microsoft 365 Admin Heart portal, Redmond confirmed that admins would seemingly obtain an elevated variety of high-severity alert electronic mail messages saying that ‘A probably malicious URL click on was detected.’
“We’re reviewing service monitoring telemetry to isolate the foundation trigger and develop a remediation plan,” Microsoft added. “Impression is restricted to any admin served by the affected infrastructure.”
Earlier right this moment, Redmond issued one other service degradation advisory by way of the admin middle portal, notifying admins that the alerts and Incidents pages is perhaps inaccessible.
We have confirmed that customers are nonetheless in a position to entry the legit URLs regardless of the false constructive alerts. We’re investigating why and what a part of the service is incorrectly figuring out legit URLs as malicious. Additional particulars are underneath DX534539 throughout the admin middle.
— Microsoft 365 Standing (@MSFT365Status) March 29, 2023
This can be a growing story …