{"id":14673,"date":"2026-01-24T21:00:56","date_gmt":"2026-01-24T12:00:56","guid":{"rendered":"https:\/\/m365jp.net\/?p=14673"},"modified":"2026-01-24T21:01:25","modified_gmt":"2026-01-24T12:01:25","slug":"falsepositive-dz1220491-microsoft-defender-xdr-some-admins-may-see-automated-investigation-and-response-air-remediation-actions-affecting-more-email-than-intended-2","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-01-24-falsepositive-dz1220491-microsoft-defender-xdr-some-admins-may-see-automated-investigation-and-response-air-remediation-actions-affecting-more-email-than-intended-2","title":{"rendered":"[falsePositive] DZ1220491 | Microsoft Defender XDR | Some admins may see automated investigation and response (AIR) remediation actions affecting more email than intended"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">DZ1220491 | Microsoft Defender XDR | Some admins may see automated investigation and response (AIR) remediation actions affecting more email than intended<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Status<\/th>\n<td class=\"bad\">falsePositive<\/td>\n<\/tr>\n<tr>\n<th>Classification<\/th>\n<td>advisory<\/td>\n<\/tr>\n<tr>\n<th>User Impact<\/th>\n<td>Admins may see AIR remediation actions affecting more email than intended in Microsoft Defender for Office 365.<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>01\/24\/2026 11:39:32<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>01\/21\/2026 16:24:35<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Latest Message<\/th>\n<td>Title: Some admins may see automated investigation and response (AIR) remediation actions affecting more email than intended<\/p>\n<p>  User impact: Admins may see AIR remediation actions affecting more email than intended in Microsoft Defender for Office 365.<\/p>\n<p>  More info: Some admins utilizing AIR remediation 
based on email subject matching may experience additional email being included in a remediation action beyond the originally intended scope.<\/p>\n<p>  Admins can manually approve or deny the proposed remediation actions, and we advise admins to review these remediation actions for potentially impacted email messages from your organization. If admins are utilizing automated remediation actions, we advise admins to review these automated actions for additional email being included beyond the originally intended scope.<\/p>\n<p>  Automated email remediation actions have been temporarily disabled while we investigate and work to resolve the offending impact scenario.<\/p>\n<p>  Current status: We&#8217;ve identified that a discrepancy occurred due to a mismatch between the subject\u2011match logic used in AIR and the one used during remediation, which caused the remediation process to apply a broader match scope, resulting in the inclusion of emails outside the intended AIR cluster and leading to additional emails being remediated. Our aforementioned recovery process is ongoing as expected and we anticipate its completion by our next scheduled update.<\/p>\n<p>  Scope of impact: Your organization is affected by this event, and some admins attempting to utilize AIR remediation based on email subject matching in Microsoft Defender for Office 365 are impacted.<\/p>\n<p>  Start time: Wednesday, December 17, 2025, at 12:00 AM UTC<\/p>\n<p>  Root cause: A discrepancy occurred due to a mismatch between the subject\u2011match logic used in AIR and the one used during remediation, which caused the remediation process to apply a broader match scope, resulting in the inclusion of emails outside the intended AIR cluster and leading to additional emails being remediated. 
<\/p>\n<p>  Next update by: Saturday, January 24, 2026, at 10:00 PM UTC<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>Title: Some admins may see automated investigation and response (AIR) remediation actions affecting more email than intended<\/p>\n<p>  User impact: Admins may see AIR remediation actions affecting more email than intended in Microsoft Defender for Office 365.<\/p>\n<p>  More info: For some admins who use AIR remediation based on email subject matching, additional email beyond the originally intended scope may be included in a remediation action.<\/p>\n<p>  
Admins can manually approve or deny the proposed remediation actions, and we recommend reviewing these remediation actions for email from your organization that may be affected. If admins are using automated remediation actions, we recommend reviewing these automated actions to check whether additional email beyond the originally intended scope has been included.<\/p>\n<p>  Automated email remediation is temporarily suspended while the impact scenario causing the problem is investigated and resolved.<\/p>\n<p>  
Current status: A mismatch arose between the subject-match logic used in AIR and the logic used at remediation time. As a result, the remediation process applied a broader match scope, email outside the intended AIR cluster was included, and additional email was remediated. The recovery process mentioned above is progressing as expected and is scheduled to complete by the next update.<\/p>\n<p>  Scope of impact: Your organization is affected by this event, and some admins who attempt AIR remediation based on email subject matching in Microsoft Defender for Office 365 are affected.<\/p>\n<p>  Start time: Wednesday, December 17, 2025, 0:00 UTC<\/p>\n<p>  
Root cause: A mismatch arose between the subject-match logic used in AIR and the logic used at remediation time. The remediation process applied a broader match scope, email outside the intended AIR cluster was included, and additional email was remediated.<\/p>\n<p>  Next update: Saturday, January 24, 2026, 22:00 UTC<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DZ1220491 | Microsoft Defender XDR | Some admins may see automated investigation and response (AIR) remediatio 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14673","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=14673"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14673\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=14673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=14673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=14673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}