User impact: Admins may see inconsistent URLs within some Microsoft Defender for Office 365 experiences.

More info: Inconsistent URL details are seen within Threat Explorer, Email Entity Page, and the Email Entity Summary Panel Integrations within the Microsoft 365 Defender portal for recent events, which include the following summary panel integrations:

– Threat Explorer
– Advanced Hunting
– Reporting
– Quarantine
– Submissions
– Alerts
– Unified Action Center

Additionally, Explorer URL queries and automated investigation and response (AIR) may also be impacted for recent events. Alert and investigation views may not show URLs and investigation may not find all URLs with emails consistently.

The protection and filtering stack, quarantine, zero-hour auto purge (ZAP), Advanced Hunting URL data/hunting and the remainder of Microsoft Defender for Office 365 experiences are unimpacted.

Current status: We’re continuing to prepare the fix for deployment to resolve the underlying issue with URLs. We anticipate the deployment may be ready to initiate to the impacted environments by our next communications update, afterwards in which we’ll provide a remediation timeline should it become available. 

Scope of impact: This issue can potentially impact any admin attempting to review the experiences mentioned within the More info section.

Root cause: A recent service update is causing a discrepancy within our logging process, causing limitations with how recent URLs are logged.

Next update by: Saturday, May 6, 2023, at 1:00 AM UTC