Every once in a while, Microsoft Defender goes rogue and flags legitimate files or URLs as malicious. Today happens to be such a day: Microsoft has confirmed that Defender is causing such issues at the moment. As a result, sysadmins will be receiving a very high volume of false email security alerts. On the Microsoft 365 Status Twitter handle, the Redmond company has announced the bug and provided additional details about it. The issue can be tracked under "DZ534539" in the Microsoft 365 Admin Center portal.
We're investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected. Further details can be found under DZ534539 within the admin center.
— Microsoft 365 Status (@MSFT365Status) March 29, 2023
Over on Reddit, IT and system administrators are also discussing the problems, and in one of the threads, user x-64 has shared details about DZ534539:
DZ534539
Title: Admins may be receiving an unexpected amount of high severity alert email messages
User impact: Admins may be receiving an unexpected amount of high severity alert email messages.
More info: The high severity alert emails refer to 'A potentially malicious URL click was detected'. Additionally, admins may be unable to view alert details using the 'View alerts' link in the emails.
Current status: We're reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan.
Scope of impact: Impact is specific to any admin served through the affected infrastructure.
We will keep you posted on further developments.