Microsoft Defender mistakenly flags legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began more than five hours ago.

As the company confirmed earlier today on Twitter, its engineers are investigating this service incident as a false positive.

“We are investigating an issue where legitimate URL links are incorrectly marked as malicious by the Microsoft Defender service. Additionally, some alerts are not displaying content as expected,” Microsoft said.

“We have confirmed that users can still access legitimate URLs despite the false positive alerts. We are investigating the reason and the part of the service that incorrectly identifies legitimate URLs as malicious.”

In an update Added to the Microsoft 365 Admin Center portal, Redmond confirmed that admins are likely to receive an increased number of high-severity alert emails indicating that a “click on a potentially malicious URL has been detected.”

The company also has confirmed reports problems access alert details by clicking the “View Alerts” link in emails.

“We are reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” Microsoft added. “The impact is specific to any administrator served through the affected infrastructure.”

Earlier today, Redmond issued another service degradation notice via the admin center portal, notifying administrators that alerts and incidents pages may be inaccessible.

We have confirmed that users can still access legitimate URLs despite the false positives. We investigate why and which part of the service incorrectly identifies legitimate URLs as malicious. More details are under DX534539 in the admin center.

— Microsoft 365 Status (@MSFT365Status) March 29, 2023

This is a developing story…