
MC383873: Expansion for Alert Generation for Alert Policy ‘A Potentially Malicious URL Click was Detected’

The current default alert policy named ‘A potentially malicious URL click was detected’ generates an alert on URL clicks for specific scenarios. One of the primary scenarios is called verdict change: the URL in the email was identified as “good” when it was delivered to the Inbox, but when the user clicked the URL, Time of Click validation identified it as “bad” (because the conditions or actions of the URL changed after email delivery). This verdict flip means that previous user clicks on the same URL were also clicks on a malicious URL; however, no alert is currently generated for those previous clicks.

We are expanding on this scenario to identify any user clicks on URLs going back 48 hours from the time of the verdict change. This reevaluation gives SecOps teams more insight into historic clicks on malicious URLs and helps them take the appropriate actions.

This message is associated with Microsoft 365 Roadmap ID 93300.

We are expanding coverage of the malicious URL click alert. The alert will now include any clicks in the past 48 hours (for emails) from the time the malicious URL verdict is identified.
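
A sketch of the 48-hour lookback described above, as an added example that is not Microsoft's implementation or part of the original message. The event fields, function name and sample clicks are constructed, and treating the 48-hour edge as inclusive is an assumption.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK = timedelta(hours=48)  # window stated in the announcement


def retroactive_click_alerts(clicks, verdict_changes, lookback=LOOKBACK):
    """Return earlier clicks that a verdict change re-labels as malicious.

    clicks: iterable of dicts with 'user', 'url', 'time' (aware datetime).
    verdict_changes: dict mapping url -> time the verdict flipped to "bad".
    Assumptions: the window is inclusive at the 48-hour edge, and clicks at
    or after the flip are left to the existing time-of-click alert.
    """
    alerts = []
    for click in clicks:
        flipped_at = verdict_changes.get(click["url"])
        if flipped_at is None:
            continue  # URL never changed verdict, nothing to re-evaluate
        age = flipped_at - click["time"]
        if timedelta(0) < age <= lookback:
            alerts.append({**click, "verdict_changed": flipped_at, "age": age})
    # Group by URL, oldest click first, so triage starts with longest exposure.
    return sorted(alerts, key=lambda a: (a["url"], a["time"]))


# Constructed sample data (not real telemetry).
FLIP = datetime(2022, 6, 30, 12, 0, tzinfo=timezone.utc)
URL_A = "https://login.example.test/a"
URL_B = "https://docs.example.test/b"
SAMPLE_CHANGES = {URL_A: FLIP}
SAMPLE_CLICKS = [
    {"user": "alice", "url": URL_A, "time": FLIP - timedelta(hours=50)},  # too old
    {"user": "bob", "url": URL_A, "time": FLIP - timedelta(hours=47)},
    {"user": "carol", "url": URL_A, "time": FLIP - timedelta(hours=2)},
    {"user": "dave", "url": URL_A, "time": FLIP},  # the click that hit "bad"
    {"user": "erin", "url": URL_B, "time": FLIP - timedelta(hours=1)},  # no flip
]

if __name__ == "__main__":
    for alert in retroactive_click_alerts(SAMPLE_CLICKS, SAMPLE_CHANGES):
        print(alert["user"], alert["url"], "clicked", alert["age"], "before flip")
```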

When this will happen

This update will begin rollout in late June and complete deployment by late July.

How this will affect your organization

This new scenario will generate more alerts for the current alert policy named ‘A potentially malicious URL click was detected’, which may also raise the number of automated investigation and response (AIR) and incident correlations.

What you need to do to prepare

There is no action needed from you at this time. You may want to consider updating your training and documentation as appropriate.

Learn More

  • Microsoft 365 > Manage auditing and alert policies > Alert policies in Microsoft 365 > Default alert policies

Message ID: MC383873
Published: 23 May 2022
Updated: 23 May 2022
