Microsoft may want to look into this issue a bit more deeply as soon as it can.
The tech giant recently posted a statement on Twitter that its engineers are investigating and formulating a solution to the problem of Microsoft Defender falsely tagging legitimate URLs as malicious.
Microsoft has since fixed the issue, though the fix may not be as effective as the company thinks it is.
Microsoft Defender False Positive Flags Details
Windows 365 users in the US experienced something troubling. According to a Reddit post under the r/sysadmin subreddit, people are getting email alerts warning them that the links they're opening are malicious, even though the links are legitimate.
While the email sent to them by Microsoft Defender is legitimate, any attempt to browse the security portal errors out, preventing users from informing themselves of what's going on.
The problem persisted; eventually, Microsoft caught wind of it. In the statement Microsoft posted on its official Microsoft 365 Status Twitter account, it said it was investigating an issue where Microsoft Defender is incorrectly marking legitimate URL links as malicious.
It is also investigating why some of the alerts it sends through email are not showing content as expected, which addresses the issue of users hitting errors when they try to access the security portal to learn more about the alleged threat Microsoft Defender protected them from.
Bleeping Computer reported that Microsoft added an update to its Microsoft 365 Admin Center portal confirming that administrators would likely receive an increased number of high-severity alert email messages that say, "A potentially malicious URL click was detected," and that "admins may be unable to view alert details using the 'View alerts' link in the emails," per The Register.
A handful of hours later, Microsoft mentioned it started reviewing diagnostics like network telemetry data to verify the issue's root cause and identify a path to resolve it. Shortly after, the company announced that the recent additions to the SafeLinks feature resulted in the false alerts Windows 365 users are receiving and that it has subsequently reverted them to fix the issue.
Microsoft Defender's Status So Far
While Microsoft issued a solution to the problem, not all users managed to get it early on. Many Windows 365 users flooded the previously mentioned Reddit thread to share their experience of the issue even after Microsoft launched the solution.
Some are saying that while they received alerts, the alerts held no link, email subject, or even message details except a timestamp.
Some are still getting flooded with false positive alerts about malicious links, and other people are saying that the problem relapsed, blaming Microsoft's slow rollout of its solution.
Unfortunately, people are still receiving false positive alerts five hours after Microsoft released what Windows 365 users need to fix the issue, though the Reddit thread has been quiet for at least four hours as of press time.