Updated Many administrators have had a trying Monday after getting spammed out with false malware reports by Microsoft.
In the last hour the Microsoft 365 service center put out an alert on Xitter, oddly, even before sending out the customary 365 Service Alert email, users complained. Others pointed out that the issue was flagged on Reddit more than two hours before Microsoft got around to alerting customers.
"We're investigating an issue in which some users' email messages may be incorrectly flagged as malware and quarantined. More info can be found in the admin center under EX873252," Microsoft posted.
"We identified an issue affecting our malware detection systems. We've implemented a mitigation to unblock legitimate emails that were mistakenly quarantined. The replay of impacted emails is in progress."
- Choose Your Own Adventure with Microsoft 365
- Multiple flaws in Microsoft macOS apps unpatched despite potential risks
- Microsoft to stop telling investors about peformance of server products
- Microsoft services partly down Down Under for Kiwi users
For the moment it seems admins will have to manually unblock legitimate emails. Given the volume of material, and the need for care not to let actual malware through, this might take some time. It also appears that the original EX873252 article has been taken down, although you can see it here.
The issue appears to have kicked off around 0900 ET (1300 UTC), and Britain's National Health Service issued an alert a few hours later. Redmond has reportedly said it is fixing the problem but, while many are reporting the flood of false positives has eased, it doesn't appear that the issue is fully resolved as yet.
One amateur sysadmin sleuth suggests it's down to an issue with the Microsoft Defender Threat Explorer and the PowerShell Get-QuarantineMessage cmdlet.
We'll update this piece when there's a solid statement from Microsoft. ®
Updated at 2000 UTC on August 26
Microsoft claims the 365 issue is fixed in 99% of cases. "Telemetry shows over 99% of impacted emails have been unblocked and automatically replayed," it Xeeted.