noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

%3CLINGO-SUB%20id%3D%22lingo-sub-831949%22%20slang%3D%22en-US%22%3Enoreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-831949%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20received%20a%20lot%20of%20alerts%20coming%20from%20O365%20that%20this%20email%20address%20sender%3A%3CBR%20%2F%3E%3CSPAN%3Enoreply%40email.teams.microsoft%5B.%5Dcom%26nbsp%3B%3C%2FSPAN%3Eis%20sending%20email%20with%20malware%20content%2C%20by%20investigating%20the%20alerts%2C%20we%20can%20see%20all%20the%20originating%20IPs%20are%20coming%20from%20Microsoft%2C%20only%20one%20IP%20is%20not%20registered%20as%20permitted%20sender%20but%20it%20is%20still%20a%20Microsoft%20IP.%20are%20you%20aware%20of%20a%20similar%20issue%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-831949%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-832430%22%20slang%3D%22en-US%22%3ERe%3A%20noreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-832430%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20a%20known%20issue%2C%20and%20something%20Microsoft%20has%20fixed%20since.%20You%20can%20get%20more%20info%20from%20the%20SHD%2C%20incident%26nbsp%3B%3CSPAN%20class%3D%22css-729%22%20title%3D%22EX189242%22%20data-is-focusable%3D%22true%22%3EEX189242%3C%2FSPAN%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1416166%22%20slang%3D%22en-US%22%3ERe%3A%20noreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1416166%22%20slang%3D%22en-US%22%3EThanks%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1994921%22%20slang%3D%22en-US%22%3ERe%3A%20noreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1994921%22%20slang%3D%22en-US%22%3Ehjjv%20lol%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1994922%22%20slang%3D%22en-US%22%3ERe%3A%20noreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1994922%22%20slang%3D%22en-US%22%3Elol%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2061491%22%20slang%3D%22en-US%22%3ERe%3A%20noreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2061491%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3Ethat%20email%20is%20so%20much%20hard%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3Ethat%20email%20is%20so%20much%20hard%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FNOSCRIPT%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2589259%22%20slang%3D%22en-US%22%3ERe%3A%20noreply%40email.teams.microsoft%5B.%5Dcom%20is%20detected%20as%20a%20malware%20they%20are%20coming%20from%20MS%20IPs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2589259%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F401304%22%20target%3D%22_blank%22%3E%40Beshoy_Iskander%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EMicrosoft%20Teams%20%3CNOREPLY%3E%3CBR%20%2F%3EIs%20this%20teams%20or%20Microsoft%20Official%20mail%20id%20%3F%3C%2FNOREPLY%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

We have received a lot of alerts coming from O365 that this email address sender:
noreply@email.teams.microsoft[.]com is sending email with malware content, by investigating the alerts, we can see all the originating IPs are coming from Microsoft, only one IP is not registered as permitted sender but it is still a Microsoft IP. are you aware of a similar issue?

Thanks,

6 Replies

It's a known issue, and something Microsoft has fixed since. You can get more info from the SHD, incident EX189242.

Thanks

hjjv lol

lol

Spoiler

that email is so much hard

@Beshoy_Iskander
Microsoft Teams <noreply@account-microsoft365.com>
Is this teams or Microsoft Official mail id ?

noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Re: noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Re: noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Re: noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Re: noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Re: noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Re: noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs

Products (75)

Special Topics (41)

Video Hub (738)

Most Active Hubs

Most Active Hubs

Video Hub

noreply@email.teams.microsoft[.]com is detected as a malware they are coming from MS IPs