Microsoft has done this twice to us. The first time it took 36 hours for MS to respond and remedy. This time we are on day 4 without a response or acknowledgement.
We are a private, licensed, enterprise software web app (not a "website"), where each customer gets their own personalized wildcard URL and a link to the customer's Okta Single Sign site where their users are required to go to log in to our site, i.e. it is a link on our login page. Somehow, this obvious link to an Okta URL and an Okta site was deemed to be dangerous enough that Microsoft was compelled to blindly accuse our company of being dangerous and of phishing without any investigation or opportunity to remedy.
By contrast, Netcraft, Firefox, Chrome, and our host were responsive and promptly removed this improper block within hours. Microsoft did not, and is not, responding or remedying the situation after days. It is a black-hole process.
Microsoft has globally labeled our business as being dangerous and accused us of being a phishing site while hiding under the covers of "reported to Microsoft." This is like being put in jail because some third party said you looked like a criminal due to the shirt you were wearing, then having the jailer publish accusations worldwide that you are dangerous and may be committing crimes while not talking to you or investigating the matter for days, all while you slowly lose your livelihood and business.
Microsoft apparently believes it is OK to defame orgs and block their businesses based on hearsay, without any communication, investigation, or application of common sense, and then provides no mechanism or opportunity for support or remedy other than a generic webform that isn't even designed for web apps for which there is no tracking number, ID, or alternative method of communications or recourse.
Microsoft's statements that "These reports are verified by our support team and mistakes are corrected" and "Microsoft Defender SmartScreen has a built-in, web-based feedback system in place to help customers and website owners report any potential false warnings as quickly as possible" are misleading at best, and they do not explain that this process may or may not happen, do not address web applications at all, nor do they explain that "quickly as possible" really means someday or whenever Microsoft feels like it.
As a former CIO, CISO, and as a CEO, and as a 30-year advocate of Microsoft, and after speaking with many colleagues, I find this process of "prove your innocence" and its deaf ears of after-the-fact justice appalling, shameful, and intentionally harmful. Lacking further clarity and support, we face no choice but to turn this over to counsel.