For the last few days every single email my users have gotten that says "So-and-so sent you a Teams Message" (sent from email@example.com) has gotten flagged as "Email messages containing malware removed after delivery" by O365 Security & Compliance. This has resulted in over 1,000 informational alerts in my console (https://protection.office.com/viewalerts). Is anyone else plagued by this? I'm opening a support ticket tonight.
Malware and Malicious
Emails with malware that were delivered and later removed -V18.104.22.168
By the time this alert was triggered, the following 1 user received Malware and Malicious mail matching the conditions of your alert policy: firstname.lastname@example.org
Was a regression introduced in a recent rule update, they have since resolved it. Details are in EX189242 on your SHD. If you are still seeing messages being ZAPed, make sure to open a support case and report it.