MO255463: Some users are seeing legitimate email quarantined/marked as malicious in Exchange Online Protection & Defender for Office 365

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

microsoft-exchange-logo

If your inbox has been a bit quiet recently, this may be the reason why.  Microsoft has issued an advisory (MO255463) informing admins that some users are seeing legitimate email quarantined/marked as malicious in Exchange Online Protection & Defender for Office 365.

The issue started at 1 am on the 10th May.

Microsoft noted that this has been associated with:

  • An increase in the number of URL related alerts for non-malicious URLs.
  • An increase in the number of Zapped Phish AIR investigations within Microsoft Defender for Office
  • Legitimate Emails being marked as malicious within Threat Explorer.
  •  Delays in getting the latest email information within Threat Explorer.

Microsoft says they have identified a recent change in the infrastructure that serves these scenarios that inadvertently caused an impact to the service. The root cause was legitimate URLs being incorrectly listed within Microsoft’s detection rules, resulting in impact.

Microsoft has deployed a fix, and are currently in the process of releasing the quarantined email.

via BleepingComputer

More about the topics: exchange, microsoft