Office 365 Monitoring - Service Outages Blog

Microsoft Defender Falsely Identifying URLs as Malicious

Written by ENow Software | Mar 29, 2023 3:56:58 PM

On March 29, 2023, at approximately 8:04 AM ET, Microsoft tweeted via their account @MSFT365status that they were investigating an issue in which some non-malicious URL links were being incorrectly marked as malicious by Microsoft Defender.

For system administrators and IT professionals who have access to the Microsoft Admin Center, the service incident number to reference was DZ534539.

 

 

Feedback and responses from the Twitter community were immediate, many voicing complaints and frustration as to the frequency of outages and service incidents. As you may recall, a similar service incident (Microsoft service incident numbers EX533537 and TM533635) occurred just two days ago (March 27th) in which Safe Links (Microsoft Defender) was causing delays or failures when users tried to open safe URLs.

Some community responses on Twitter from IT professionals suspected that ChatGPT and Microsoft's new AI integration may be causing the issue, other IT professionals indicated that, no matter what the cause, the issue at hand was negatively impacting their business operations.

At 9:39 AM ET, approximately 90 minutes from their first message, Microsoft tweeted a second message indicating that they were still investigating the whys and wherefores as to Microsoft Defender marking legitimate URLs as malicious. Microsoft also provided a second service incident number, DX534539.

 

 

At approximately 12:30 PM ET, Microsoft's third message provided little more than what was previously tweeted: that Microsoft was still actively investigating the root cause and no remediation efforts were in place yet.

 

 

Community feedback on social media continued to be split between IT professionals and business leaders genuinely frustrated with the on-going issue and those poking fun at Microsoft's expense.

 

 

By approximately 2:30 PM ET, Microsoft provided an update, this time with a bit more clarity as to the cause. Microsoft was confirming that a recent change to the Safe Links feature was the culprit and that a reversion has already been completed.  As noted previously, a Microsoft Defender Safe Links issue was to blame for the March 27th service incident earlier this week.

 

 

At this time, the Microsoft service incident DZ534539 appears to be resolved. Until the next tweet from @MSFT365status . . . .

 

The Importance of Microsoft 365 Monitoring

In a cloud-world, outages are bound to happen. While Microsoft is responsible for restoring service during outages, IT needs to take ownership of their environment and user experience. It is crucial to have greater visibility into business impacts during a service outage the moment it happens.

ENow’s Microsoft 365 Monitoring and Reporting solution enables IT Pros to pinpoint the exact services effected and root cause of the issues an organization is experiencing during a service outage by providing:

  • The ability to monitor networks and entire environments in one place with ENow’s OneLook dashboard which makes identifying a problem fast and easy without having to scramble through Twitter and the Service Health Dashboard looking for answers.
  • A full picture of all services and subset of services affected during an outage with ENow’s remote probes which covers several Microsoft 365 apps and other cloud-based collaboration services.

Identify the scope of Microsoft 365 service outage impacts and restore workplace productivity with ENow’s Office 365 Monitoring and Reporting solution. Access your free 14-day trial today!