Update - Microsoft Defender SmartScreen continues to flag the OAuth authorization URL https://app.cronofy.com/oauth/authorize as unsafe.

We are yet to hear back from Microsoft regarding our dispute of this classification.

We do not wish to make changes that could be seen as attempting to bypass this protective mechanism as that is what a nefarious actor would do, potentially leading to the entire domain being flagged. We are instead attempting to go through the proper process to get the classification corrected, but this does mean the time line is out of our hands.

Users appear to be able to refresh the page when they hit the warning and the page then functions as normal. Using a browser other than Microsoft Edge also serves as a workaround to this issue.

We would like to request that our customers initiate their own calendar OAuth flows in Microsoft Edge and see if they are shown a warning. If so, can you click the "More information" link and then "Report that this site doesn't contain phishing threats" and fill out the form. This should help our case get in front of the correct people at Microsoft for resolution.

Oct 03, 2022 - 17:26 BST
Update - Microsoft Defender SmartScreen is still flagging the OAuth authorization URL https://app.cronofy.com/oauth/authorize as unsafe.

We first received a report of this on Thursday evening, and it is potentially related to a recent release of Microsoft Edge https://blogs.windows.com/msedgedev/2022/09/29/more-reliable-web-defense/

We have identified an application in development mode which may have been being used as part of a phishing scam. Using Cronofy's domain as a trust-worthy starting point but redirecting on to an untrustworth redirect URI after the user has granted access to their calendar. We have disabled this application and made our warning that an application in development mode much more prominent to discourage the use of development mode applications in this way.

We have reached out to the SmartScreen team for an update and let them know our findings and actions so far.

Oct 01, 2022 - 12:07 BST
Update - We have been unable to find a workaround for the false negative with Microsoft Defender SmartScreen. We have been able to verify that it is only affecting Microsoft Edge users visiting the `/oauth/authorize` for the US data center, though attempts to alter the behavior in non-breaking ways have not cleared the error.

Our telemetry has confirmed that the scale of the impact is very small.

Customers using Microsoft Edge to authorize calendars will see the warning, though refreshing the page will clear it, as will choosing to Continue to the page.

We are awaiting a response from Microsoft regarding our request to verify the affected URL.

Users of other web browsers continue to be unaffected.

Sep 30, 2022 - 15:47 BST
Investigating - We have had reports of Microsoft Defender SmartScreen within Microsoft's Edge browser flagging some OAuth flows as being from an unsafe site.

We obviously believe this to be a false-negative and have reported this to Microsoft.

If users refresh the page Edge will allow users to continue without any warning.

Based on this workaround being simple and indicative of the domain as a whole not being deemed untrustworthy, we are investigating if there is anything we can do to avoid this false-negative from our side.

Sep 30, 2022 - 11:25 BST
API Operational
Background Processing Operational
Developer Dashboard Operational
Scheduler Operational
Major Calendar Providers Operational
Apple Operational
Google Operational
Microsoft 365 Operational
Outlook.com Operational
Conferencing Services Operational
GoTo Operational
Zoom Operational
Degraded Performance
Partial Outage
Major Outage
API uptime
Developer Dashboard and Scheduler uptime
Past Incidents
Oct 6, 2022

No incidents reported today.

Oct 5, 2022

No incidents reported.

Oct 4, 2022

No incidents reported.

Oct 3, 2022

Unresolved incident: Microsoft Defender SmartScreen reporting US OAuth URL as unsafe.

Oct 2, 2022

No incidents reported.

Oct 1, 2022
Sep 30, 2022
Sep 29, 2022

No incidents reported.

Sep 28, 2022

No incidents reported.

Sep 27, 2022

No incidents reported.

Sep 26, 2022

No incidents reported.

Sep 25, 2022

No incidents reported.

Sep 24, 2022

No incidents reported.

Sep 23, 2022

No incidents reported.

Sep 22, 2022

No incidents reported.