If your inbox has been a bit quiet recently, this may be the reason why. Microsoft has issued an advisory (MO255463) informing admins that some users are seeing legitimate email quarantined or marked as malicious in Exchange Online Protection and Defender for Office 365.
The issue started at 1 am on the 10th May.
Microsoft noted that this has been associated with:
- An increase in the number of URL related alerts for non-malicious URLs.
- An increase in the number of Zapped Phish AIR investigations within Microsoft Defender for Office
- Legitimate emails being marked as malicious within Threat Explorer.
- Delays in getting the latest email information within Threat Explorer.
Microsoft says it has identified a recent change in the infrastructure that serves these scenarios, which inadvertently caused an impact to the service. The root cause was legitimate URLs being incorrectly listed within Microsoft’s detection rules.
Microsoft has deployed a fix and is currently in the process of releasing the quarantined email.