Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago.
As the company confirmed earlier today on Twitter, its engineers are investigating this service incident as a false positive.
“We’re investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected,” Microsoft said.
“We’ve confirmed that users are still able to access the legitimate URLs despite the false positive alerts. We’re investigating why and what part of the service is incorrectly identifying legitimate URLs as malicious.”
In an update added to the Microsoft 365 Admin Center portal, Redmond confirmed that admins would likely receive an increased number of high-severity alert email messages saying that ‘A potentially malicious URL click was detected.’
The company also confirmed reports of issues accessing the alerts’ details when clicking the ‘View alerts’ link in the emails.
“We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” Microsoft added. “Impact is specific to any admin served through the affected infrastructure.”
Earlier today, Redmond issued another service degradation advisory via the admin center portal, notifying admins that the alerts and Incidents pages might be inaccessible.
We’ve confirmed that users are still able to access the legitimate URLs despite the false positive alerts. We’re investigating why and what part of the service is incorrectly identifying legitimate URLs as malicious. Further details are under DX534539 within the admin center.
— Microsoft 365 Status (@MSFT365Status) March 29, 2023
This is a developing story …