For the last few days every single email my users have gotten that says "So-and-so sent you a Teams Message" (sent from noreply@email.teams.microsoft.com) has gotten flagged as "Email messages containing malware removed after delivery" by O365 Security & Compliance. This has resulted in over 1,000 informational alerts in my console (https://protection.office.com/viewalerts). Is anyone else plagued by this? I'm opening a support ticket tonight.
Severity
Informational
Threat type
Malware and Malicious
Details
Emails with malware that were delivered and later removed -V1.0.0.3
By the time this alert was triggered, the following 1 user received Malware and Malicious mail matching the conditions of your alert policy: user@contoso.com
Was a regression introduced in a recent rule update, they have since resolved it. Details are in EX189242 on your SHD. If you are still seeing messages being ZAPed, make sure to open a support case and report it.
From what you explained it could be false positive and I suggest check this with support team. Also check and see if there was any malicious files associated with your posts?
Was a regression introduced in a recent rule update, they have since resolved it. Details are in EX189242 on your SHD. If you are still seeing messages being ZAPed, make sure to open a support case and report it.
