Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user"; however, the URLs are confirmed as safe.

Some email messages may also be incorrectly quarantined.

Current status: We're continuing to monitor the service and replaying any residual impacted messages to ensure full resolution. The service continues to remain in a healthy state and we're taking additional time to address any lingering impact as needed. We expect this issue will be resolved by our next scheduled update and will continue to closely watch for any signals of changes.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Wednesday, September 10, 2025, at 6:00 PM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user"; however, the URLs are confirmed as safe.

Some email messages may also be incorrectly quarantined.

Current status: We’ve processed the remaining subset of impacted URLs and are working to address a small number of lingering impacted messages. Overall, the majority of impact has been resolved, and we’ll continue to closely monitor the service to ensure that the issue is fully remediated.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Wednesday, September 10, 2025, at 1:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user"; however, the URLs are confirmed as safe.

Some email messages may also be incorrectly quarantined.

Current status: We've identified a new subset of URLs that are impacted and we're working to address the new set and any residual impacted messages. We are confident that a majority of the impact has been resolved, and we're actively addressing lingering impact while we perform our root cause analysis.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Tuesday, September 9, 2025, at 6:00 PM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user"; however, the URLs are confirmed as safe.

Some email messages may also be incorrectly quarantined.

Current status: We’ve recovered the majority of the email and Teams messages that were incorrectly flagged as malicious spam for containing affected URLs. We’re continuing to validate the scope of impacted URLs in order to fully address any remaining email and Teams messages. In parallel, we're working to identify the root cause and any underlying factors to prevent the issue from occurring again and fully mitigate impact.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Tuesday, September 9, 2025, at 1:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user"; however, the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We’re continuing our analysis to confirm instances of false positive flagging and to identify the underlying factors preventing full recovery. Steady progress has been made in pinpointing URLs that contribute to false positives, and we're incorporating them into our ongoing mitigation. While some challenges remain in fully recovering these URLs, we’re actively evaluating additional actions to resolve blocking issues and prevent recurrence.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Monday, September 8, 2025, at 5:00 PM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user"; however, the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We’ve continued to make progress in reducing the frequency of false positive flagging while identifying new opportunities to improve recovery accuracy. Recovery efforts remain ongoing and require careful attention to ensure that legitimate content is restored appropriately, while malicious items remain securely quarantined. Our analysis of flagged content is actively informing updates to detection logic, helping us drive safer and more complete recovery outcomes. Thank you for your continued patience as we work through this issue.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Monday, September 8, 2025, at 6:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We’ve identified and are actively remediating a separate issue that has been preventing full recovery. Findings from the investigation have been implemented to strengthen recovery efforts and reduce overall impact. In parallel, we’re continuing to refine detection logic to more accurately differentiate between malicious sites and false positives. We’re applying insights gained through ongoing analysis to improve precision and support comprehensive resolution.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Monday, September 8, 2025, at 1:00 AM UTC

We've identified a separate issue which is currently preventing us from completing the recovery effort for the affected URLs. We're investigating further to ensure this is resolved before we continue the recovery process. In parallel, we're closely analyzing flagged URLs to accurately distinguish between malicious sites and false positives, as this will help us to further refine our detection logic, minimizing the likelihood of errors.

This quick update is designed to give the latest information on this issue.

We’re continuing to review flagged URLs to distinguish between malicious sites and false positives, and refining our detection logic to minimize errors and restore affected URLs to resolve the issue.

This quick update is designed to give the latest information on this issue.

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We’re continuing our analysis and recovery efforts for the affected URLs, with a focus on validating the accuracy of flagged content to ensure our remediation actions consistently distinguish between truly malicious URLs and those incorrectly flagged. To support this, we’re actively refining detection logic to reduce false positives and drive complete recovery across all impacted scenarios.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Sunday, September 7, 2025, at 5:00 PM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We’ve identified additional URLs that were incorrectly flagged as potentially malicious and have implemented a fix to prevent them from being blocked. We’re continuing to monitor telemetry to assess the effectiveness of the mitigation and to detect any remaining issues that may be impacting full recovery.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Sunday, September 7, 2025, at 6:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: As our analysis into the URL samples associated with ongoing impact progresses, we're also reviewing a portion of URLs that are taking longer than expected to process through our Machine Learning (ML) models to determine the source of this latency. Processing these URLs through our anti-spam models will help reduce the number of false positive detections by better tracking legitimate email messages.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Sunday, September 7, 2025, at 1:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We’re continuing to analyze URL samples associated with ongoing impact to determine whether additional actions are needed to fully mitigate the issue.

Scope of impact: Any user receiving email messages or messages within Microsoft Teams containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Sunday, September 7, 2025, at 1:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: We're continuing to analyze samples of URLs that are seeing continued impact to determine if any additional actions are needed to fully alleviate impact.

Scope of impact: Any user receiving email messages containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Saturday, September 6, 2025, at 5:00 PM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: Our efforts to unblock and reprocess the impacted URLs have completed, yet when analyzing the telemetry we've detected a few errors that indicate that some of the URLs may not have completed this process as anticipated. We're analyzing samples of URLs that are seeing continued impact to determine if any additional actions are needed to fully alleviate impact.

Scope of impact: Any user receiving email messages containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Saturday, September 6, 2025, at 9:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: Our unblocking action is taking longer than anticipated. We're continuing to monitor as it progresses to ensure impact is remediated.

Scope of impact: Any user receiving email messages containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Saturday, September 6, 2025, at 5:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: Our unblocking action is progressing as expected and we anticipate that all affected messages should be remediated by the next scheduled communications update.

Scope of impact: Any user receiving email messages containing specific URLs may be affected.

Start time: Friday, September 5, 2025, at 1:10 PM UTC

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Saturday, September 6, 2025, at 1:00 AM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams

User impact: Users may be blocked from opening URLs in Exchange Online messages and Microsoft Teams.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Some email messages may have also been incorrectly quarantined.

Current status: Our investigation has identified that an anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact. We've identified over 6,000 URLs that are affected and are working to unblock them before replaying messages to recover any messages or URLs that were incorrectly flagged.

Scope of impact: Any user receiving email messages containing specific URLs may be affected.

Root cause: An anti-spam service incorrectly flagged URLs contained within other URLs as potentially malicious, resulting in impact.

Next update by: Friday, September 5, 2025, at 10:00 PM UTC

Title: Some users may be blocked from opening URLs in Exchange Online messages

User impact: Users may be blocked from opening URLs in Exchange Online messages.

More info: Additionally, admins may receive alerts titled "A potentially malicious URL click was detected involving one user", however the URLs have been confirmed as safe.

Current status: We're reviewing provided email messages containing affected URLs to assist in the investigation and determine our next steps.

Scope of impact: Any user receiving email messages containing specific URLs may be affected.

Next update by: Friday, September 5, 2025, at 8:30 PM UTC