I was trying not to make a judgement call and just report my findings.
In my experience with Microsoft's URL detonation, it could go either way and be a false positive or be real. In one case where I had a definite false positive, opening a ticket with Microsoft resolved the issue within a few hours. Both myself and the entity with the false positive are government cloud customers; maybe our experience would be different in the commercial cloud. Interestingly, this issue seems to affect anyone using Microsoft-hosted email without regard to which cloud you are using. Different data centers, separate implementation, but some shared data apparently.