Microsoft 365 Alert – Service Degradation – Exchange Online – Admins may see inconsistent URLs within some Microsoft Defender for Office 365 experiences – RESOLVED

05/05/2023 09:00:00 AM (GMT)

NHSmail Reference : INC35677154

Microsoft Reference : EX550453

Issue Status : RESOLVED

Issue Description : Admins may see inconsistent URLs within some Microsoft Defender for Office 365 experiences.

More Info : Inconsistent URL details are seen within Threat Explorer, Email Entity Page, and the Email Entity Summary Panel Integrations within the Microsoft 365 Defender portal for recent events, which include the following summary panel integrations:

– Threat Explorer
– Advanced Hunting
– Reporting
– Quarantine
– Submissions
– Alerts
– Unified Action Center

Additionally, Explorer URL queries and automated investigation and response (AIR) may also be impacted for recent events. Alert and investigation views may not show URLs and investigation may not find all URLs with emails consistently.

The protection and filtering stack, quarantine, zero-hour auto purge (ZAP), Advanced Hunting URL data/hunting and the remainder of Microsoft Defender for Office 365 experiences are unimpacted.

Final Update : 08/05/2023 08:55:00 AM – Microsoft have deployed a fix to the affected environment and confirmed through their telemetry that the impact was remediated.

Scope of impact : This issue can potentially impact any admin attempting to review the experiences mentioned within the More info section.

Root cause : A recent service update is causing a discrepancy within our logging process, causing limitations with how recent URLs are logged.

Next steps : Microsoft are continuing their analysis of the service update to better understand what triggered the issues with the logging process which will help them to avoid similar problems in the future.