Microsoft Defender for Endpoint has flooded system administrators with false alerts. Users have reported receiving multiple alerts for alleged password reuse on sites, even though they deny reusing passwords. The warning itself is apparently missing from Microsoft’s documentation. The alerts only come from Windows 11 devices, and almost all of them relate to alleged password reuse on Microsoft domains. The issue may have arisen from Defender for Endpoint incorrectly flagging SSO domains as a concern.
In September 2022, Microsoft introduced enhanced phishing protection, which may have caused the false alerts. The company wanted to warn users against reusing passwords. However, Microsoft Defender has falsely bombarded users with warnings on multiple previous occasions. Microsoft addressed other false positives in January 2023 after a flawed update removed shortcuts falsely identified as malware.
A recent update to Microsoft Defender Antivirus also caused confusion among developers, who, when updating, received a warning that Local Security Authority (LSA) Protection was disabled. Microsoft released a workaround for the problem. However, a later update appears to have disabled LSA altogether on Windows 11 systems in favor of a new process titled “Kernel-mode Hardware-enforced Stack Protection.”