Microsoft 365 Alert – Service Degradation – Microsoft 365 suite – Some admins may see incorrect IP addresses logged in their Safe Links reports within the EAC and Microsoft Defender XDR – ONGOING

11/06/2025 08:47:00 AM

NHSmail Reference: INC46550838

Microsoft Reference: MO1090779

Issue Status: ONGOING

Issue Description: Admins may see incorrect IP addresses logged in their Safe Links reports within the EAC and Microsoft Defender XDR.

More info: This impact may manifest for URL protection reports in the Microsoft Defender portal as well as within the Exchange admin center (EAC) and in any cmdlets referencing Safe Links URL click data.

The incorrect IP addresses admins may see in these logs aren’t associated with any other Microsoft 365 users or organizations.

Current Update: 17/06/2025 08:28:00 AM – The development of Microsoft’s solution to address the isolated configuration change requires more time than originally anticipated. After development, a period of internal validations will be conducted so they can assure that the deployment remediates the impact without introducing any unexpected problems to the service. Once their fix has completed development and their validations have started, they are expecting an estimated timeline will be available for the remediation of impact.

Scope of impact: Some admins viewing Safe Links report details within the EAC and Microsoft Defender portal may be impacted.

Root cause: A recent service configuration change introduced as part of an effort to optimize the service to improve the flow of the involved API calls is resulting in impact.

Next update by: Friday, June 20, 2025, at 11:30 PM UTC