MC383873 – (Updated) Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’

cloudscout.one Icon

check before: 2022-06-07

Product:

Defender, Defender for Office 365, Microsoft 365 Defender

Platform:

Web, World tenant

Status:

In development

Change type:

Admin impact, Feature update, Updated message

Links:

93300

Details:

Updated June 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-July (previously late June) and complete deployment by late August (previously late July).

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability

Created:
2022-05-24

updated:
2022-07-01

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Login
Get a Plan

changes*

DatePropertyoldnew
2022-07-01MC MessagesThe current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in late June and complete deployment by late July.		Updated June 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
The current default alert policy named 'A potentially malicious URL click was detected' generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change. The URL in the email was identified as "good" when it was delivered to the Inbox, however, when the user clicked the URL, Time of Click validation identified the URL as "bad" (as conditions / actions of the URL changed since email delivery). This verdict flip now describes the previous user clicks as clicks on malicious URLs, however, no alert is currently generated for the previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into the historic clicks on malicious URLs and takes the appropriate actions.
This message is associated with Microsoft 365 Roadmap ID 93300
[When this will happen:]
This update will begin rollout in mid-July (previously late June) and complete deployment by late August (previously late July).
2022-07-01MC TitleExpansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’(Updated) Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’
2022-07-01MC Last Updated05/24/2022 01:15:572022-06-30T18:54:22Z
2022-07-01MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact
2022-07-01MC End Time08/31/2022 09:00:002022-09-30T09:00:00Z

*starting April 2022

Last updated 3 days ago

Related Posts:

  • 93300 - Microsoft Defender for Office 365: Expansion for URL Click Alert policy
    93300 - Microsoft Defender for Office 365: Expansion for URL…     18. May 2022 *For this entry exists the more relevant or more recent entry MC383873 check before: 2022-07-01 Product: Defender, Defender for Office 365 Platform: Web, World tenant Status: In development Change type: Feature update Links: MC383873 Details:…
  • MC355215 - (Updated) Microsoft Defender for Office 365: New default (URL click) alert policy
    MC355215 - (Updated) Microsoft Defender for Office 365: New…     9. April 2022 check before: 2022-04-23 Product: Defender, Defender for Office 365, Microsoft 365 Defender Platform: Web, World tenant Status: In development Change type: Admin impact, Feature update, Updated message Links: 93211 Details: Updated May 17, 2022: We…
  • MC315649 - (Updated) On-Demand Caption and Transcript Generation (archived)
    MC315649 - (Updated) On-Demand Caption and Transcript…     19. January 2022 check before: 2022-02-01 Product: OneDrive, SharePoint, Stream Platform: Online, Web, World tenant Status: varies Change type: New feature, Updated message, User impact Links: MC29377485552 Details: Updated May 05, 2022: We have updated the rollout timeline…
  • 93327 - Microsoft Stream: On-demand caption and transcript generation for supported languages
    93327 - Microsoft Stream: On-demand caption and transcript…     17. June 2022 check before: 2022-10-01 Product: OneDrive, SharePoint, Stream Platform: Germany, Web, World tenant Status: In development Change type: New feature, Admin impact Links: Details: If you have edit permission to a video stored in SharePoint/OneDrive, this…
  • MC365130 - Prevent/Fix (Detected) Remote help will require users to have the latest update (archived)
    MC365130 - Prevent/Fix (Detected) Remote help will require…     28. April 2022 check before: 2022-05-12 Product: Intune, Microsoft Edge, Microsoft Endpoint Manager Platform: Web, World tenant Status: Change type: User impact, Admin impact Links: Details: We are currently in the process of releasing an update for remote…
  • MC344400 - Prevent/Fix (Detected) Update to the latest version of Android Company Portal (archived)
    MC344400 - Prevent/Fix (Detected) Update to the latest…     19. March 2022 check before: 2022-04-01 Product: Intune, Outlook Platform: Android, World tenant Status: Change type: User impact Links: Details: We identified a problem with the February Android Company Portal (version 5.0.5421.0) that prevents users with Android 12…

Leave a Reply

cloudscout.one

Consolidated Microsoft 365 Roadmap and Message Center analysis for Office 365 operations and change management.

Share on

Support

Schierding.one GmbH

Alleenstraße 16
78549 Spaichingen
Phone: +49 (0)7424 60899-09
E-Mail: info@schierding.one
Amtsgericht Stuttgart (HRB 767585)
USt-ID DE321821109

Legal:

Privacy Policy

Imprint

FAQ

Login to your account

Welcome Back, We Missed You!