Forum Discussion

Brok3NSpear's avatar
Brok3NSpear
Brass Contributor
Apr 25, 2024

Sent from Outlook for iOS links Being Quarantined in Defender

Hi,   Microsoft seem to be falsely flagging their own shortening URL for hxxps://aka.ms/o0ukef as High Confidence Phishing   This is the link that is created in emails when a user sends an email ...
microsoft defender for office 365
threat intelligence
its_Tricky83's avatar
its_Tricky83
Copper Contributor
Jun 13, 2024
The issue is occurring again and causing massive impact!
Yesterday, today and ongoing we are suddenly seeing any emails that contain the link https://aka.ms/o0ukef being quarantined as 'High Confidence Phish'.
Brok3NSpear's avatar
Brok3NSpear
Brass Contributor
Jun 13, 2024

its_Tricky83 

 

Haven't started to see this yet again in our tenant (UK) but will keep an eye out for it.

 

Thanks for the heads up

 

UrjaGandhi FYI for new events being reported by users

 

 

  • its_Tricky83's avatar
    its_Tricky83
    Copper Contributor
    Jun 13, 2024

    Long story short, looks like our issue might have been caused by an external vendor accidentally adding an incorrect Defender Tenant Block rule.. It's been a painful cleanup!

Resources