MC383873 – (Updated) Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’

cloudscout.one Icon

check before: 2022-06-07

Product:

Defender, Defender for Office 365, Microsoft 365 Defender

Platform:

Web, World tenant

Status:

In development

Change type:

Admin impact, Feature update, Updated message

Links:

93300

Details:

Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-September (previously mid-August) and complete deployment by mid-October (previously mid-September).

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability

Created:
2022-05-24

updated:
2022-08-27

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2022-08-27MC Last Updated07/25/2022 18:38:092022-08-26T02:22:26Z
2022-08-27MC MessagesUpdated July 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-August (previously mid-July) and complete deployment by mid-September (previously late August).
Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-September (previously mid-August) and complete deployment by mid-October (previously mid-September).
2022-08-27MC End Time10/17/2022 09:00:002022-11-24T08:00:00Z
2022-08-27MC prepareThere is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.
Learn More:
A Potentially Malicious URL Click was Detected
Alert Policies in Microsoft 365
https://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-policies
https://docs.microsoft.com/microsoft-365/compliance/alert-policies?view=o365-worldwide#default-alert-policies
https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=93300
There is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.
Learn More:
A Potentially Malicious URL Click was Detected
Alert Policies in Microsoft 365
ps://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-polici
ps://docs.microsoft.com/microsoft-365/compliance/alert-policies?view=o365-worldwide#default-alert-polici
ps://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=933
2022-07-26MC Last Updated06/30/2022 18:54:222022-07-25T18:38:09Z
2022-07-26MC MessagesUpdated June 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-July (previously late June) and complete deployment by late August (previously late July).
Updated July 25, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-August (previously mid-July) and complete deployment by mid-September (previously late August).
2022-07-26MC End Time09/30/2022 09:00:002022-10-17T09:00:00Z
2022-07-01MC MessagesThe current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in late June and complete deployment by late July.
Updated June 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-July (previously late June) and complete deployment by late August (previously late July).
2022-07-01MC TitleExpansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’(Updated) Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’
2022-07-01MC Last Updated05/24/2022 01:15:572022-06-30T18:54:22Z
2022-07-01MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact
2022-07-01MC End Time08/31/2022 09:00:002022-09-30T09:00:00Z

*starting April 2022

Last updated 1 month ago

Login to your account

Welcome Back, We Missed You!