On Wednesday, March 30, the popular antivirus platform Microsoft Defender started sending “High-severity alert” to the email address of administrators. A glitch triggered the alert when employees attempted to access legitimate links, including Zoom and some Google links.
Microsoft confirmed on Twitter yesterday that its engineers are investigating the incident. According to Microsoft, “the recent additions to the SafeLinks feature resulted in the false alerts and we subsequently reverted these additions to fix the issue. More detail can be found in the Microsoft 365 admin center under DZ534539.”
As an administrator on Microsoft 365, get updates on these false positives by going to the Microsoft 365 admin center and looking at DZ534539.
To get to the Microsoft 365 admin center, go to admin.microsoft.com or, if already signed in, select the app launcher, and choose Admin.
Below is a screenshot of a false positive alert received yesterday: