Microsoft 365 Alert – Service Degradation – Exchange Online – Some users’ email messages including specific URLs may be being flagged as phishing and quarantined in Exchange Online – RESOLVED

21/06/2024 08:48:00 AM

NHSmail Reference: INC43812033

Microsoft Reference: EX803530

Issue Status: RESOLVED

Issue Description: Users’ email messages including specific URLs may be incorrectly flagged as phishing and quarantined in Exchange Online

Final Update: 25/06/2024 08:32:00 AM –  Microsoft’s extended service monitoring has confirmed that following their removal of affected messages from quarantine and their delivery to intended recipients, impact has been remediated.

Scope of impact: Any user with messages including the URLs with the affected domains may be impacted by this event.

Root cause: A recent change caused domain creation dates to be identified as newly created, which is causing reputation issues with our phishing detection systems, and any messages containing the URLs with the affected domains are being flagged as phishing and quarantined.

Next steps: Microsoft are further analyzing the offending service update to better understand the problems it produced to the domain creation dates and so they can help identify similar issues during their pre-deployment testing and validation processes.