check before: 2022-06-07
Product:
Defender, Defender for Office 365, Microsoft 365 Defender
Platform:
US Instances, Web, World tenant
Status:
Launched
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.
We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-September (previously mid-August) and complete deployment by mid-October (previously mid-September).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2022-05-24
updated:
2022-08-27
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
More Info URL
XXXXXXX ... free basic plan only
** AI generated content. This information is not reliable.
the free basic plan is required to see all details. Sign up here
change history
| Date | Property | old | new |
| 2022-09-15 | MC prepare | There is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.
Learn More: A Potentially Malicious URL Click was Detected Alert Policies in Microsoft 365 ps://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-polici ps://docs.microsoft.com/microsoft-365/compliance/alert-policies?view=o365-worldwide#default-alert-polici ps://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=933 | There is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.
Learn More: A Potentially Malicious URL Click was Detected Alert Policies in Microsoft 365 https://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-policies https://docs.microsoft.com/microsoft-365/compliance/alert-policies?view=o365-worldwide#default-alert-policies https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=93300 |
| 2022-08-27 | MC Last Updated | 07/25/2022 18:38:09 | 2022-08-26T02:22:26Z |
| 2022-08-27 | MC Messages | Updated July 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks. We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions. This message is associated with Microsoft 365 Roadmap ID 93300 [When this will happen:] This update will begin rollout in mid-August (previously mid-July) and complete deployment by mid-September (previously late August). | Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks. We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions. This message is associated with Microsoft 365 Roadmap ID 93300 [When this will happen:] This update will begin rollout in mid-September (previously mid-August) and complete deployment by mid-October (previously mid-September). |
| 2022-08-27 | MC End Time | 10/17/2022 09:00:00 | 2022-11-24T08:00:00Z |
| 2022-08-27 | MC prepare | There is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.
Learn More: A Potentially Malicious URL Click was Detected Alert Policies in Microsoft 365 https://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-policies https://docs.microsoft.com/microsoft-365/compliance/alert-policies?view=o365-worldwide#default-alert-policies https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=93300 | There is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.
Learn More: A Potentially Malicious URL Click was Detected Alert Policies in Microsoft 365 ps://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-polici ps://docs.microsoft.com/microsoft-365/compliance/alert-policies?view=o365-worldwide#default-alert-polici ps://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=933 |
| 2022-07-26 | MC Last Updated | 06/30/2022 18:54:22 | 2022-07-25T18:38:09Z |
| 2022-07-26 | MC Messages | Updated June 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks. We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions. This message is associated with Microsoft 365 Roadmap ID 93300 [When this will happen:] This update will begin rollout in mid-July (previously late June) and complete deployment by late August (previously late July). | Updated July 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks. We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions. This message is associated with Microsoft 365 Roadmap ID 93300 [When this will happen:] This update will begin rollout in mid-August (previously mid-July) and complete deployment by mid-September (previously late August). |
| 2022-07-26 | MC End Time | 09/30/2022 09:00:00 | 2022-10-17T09:00:00Z |
| 2022-07-01 | MC Messages | The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.
We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions. This message is associated with Microsoft 365 Roadmap ID 93300 [When this will happen:] This update will begin rollout in late June and complete deployment by late July. | Updated June 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks. We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions. This message is associated with Microsoft 365 Roadmap ID 93300 [When this will happen:] This update will begin rollout in mid-July (previously late June) and complete deployment by late August (previously late July). |
| 2022-07-01 | MC Title | Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’ | (Updated) Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’ |
| 2022-07-01 | MC Last Updated | 05/24/2022 01:15:57 | 2022-06-30T18:54:22Z |
| 2022-07-01 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
| 2022-07-01 | MC End Time | 08/31/2022 09:00:00 | 2022-09-30T09:00:00Z |
Last updated 1 year ago ago
