Every so often, Microsoft Defender starts acting up and won't do what it is told. There have been many instances in the past in which Microsoft's security suite flagged legitimate software as malware. And it seems that Defender is at it again.
This time, Microsoft Defender is flagging legit URLs and files as malicious links. Microsoft has confirmed this issue and says the suite is flagging these files randomly. System admins will therefore be seeing a high volume of warnings from Defender as all legit files will be flagged.
Microsoft Defender is issuing false security alerts via email. On the Microsoft 365 Status page on Twitter, the company says the bug is being tracked as “DZ534539” and admins can follow it through the Microsoft 365 Admin Center.
Microsoft later returned to the M365 Status Twitter handle with an update, saying that changes to the SafeLinks feature in Defender caused the flaw.
We determined that recent additions to the SafeLinks feature resulted in the false alerts and we subsequently reverted these additions to fix the issue. More detail can be found in the Microsoft 365 admin center under DZ534539.
— Microsoft 365 Status (@MSFT365Status) March 29, 2023
“Title: Admins may be receiving an unexpected amount of high severity alert email messages
User impact: Admins may be receiving an unexpected amount of high severity alert email messages.
More info: The high severity alert emails refer to ‘A potentially malicious URL click was detected’. Additionally, admins may be unable to view alert details using the ‘View alerts’ link in the emails.
Current status: We're reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan.
Scope of impact: Impact is specific to any admin served through the affected infrastructure.
We will keep you posted on further developments.”