A new security rule designed to catch sophisticated attacks has backfired. Consequently, businesses worldwide are scrambling to maintain communication. Microsoft confirmed that Exchange Online is incorrectly flagging legitimate business emails as phishing. Furthermore, the system is actively quarantining these messages.
The incident, which began on February 5, 2026, stems from an overly aggressive URL detection update. Unfortunately, this update misidentifies safe links as malicious threats.
Here is a breakdown of the service degradation, the technical root cause, and what administrators need to know right now.

The Incident: Real Emails Trapped in Quarantine
Microsoft tracks this issue under service alert EX1227432 in the Microsoft 365 admin center. The problem began affecting organizations on Wednesday morning.
Specifically, users report that the filtering system traps genuine inbound and outbound messages in quarantine. Because the system flags these as “high confidence phish,” it ignores many tenant-side allow lists. As a result, IT administrators find it difficult to release the emails manually.
The Root Cause: Aggressive URL Detection

Microsoft identified the culprit as a newly introduced URL detection rule.
“We’ve determined that the URLs associated with these email messages are incorrectly marked as phish… due to ever-evolving criteria aimed at identifying suspicious email messages.” — Microsoft Statement
Attackers constantly evolve their phishing techniques. Therefore, Microsoft attempted to tighten its security filters. However, the engineering team set the sensitivity thresholds too high. Consequently, the system ensnared routine business correspondence alongside actual threats.
Current Status & Resolution Efforts
As of late Sunday, February 9, Microsoft engineers are actively working to rectify the situation.
- Manual Review: Engineers are currently reviewing quarantined messages and unblocking confirmed legitimate URLs.
- Service Restoration: Meanwhile, some users are seeing previously blocked messages finally arrive in inboxes.
- Timeline: Unfortunately, there is currently no estimated timeline for a full fix. Additionally, Microsoft has not disclosed the total number of affected customers or regions.
A History of False Positives
Notably, this is not an isolated event. Exchange Online has faced similar struggles in balancing security with deliverability over the last few years.
- 2025: A machine learning model incorrectly flagged Gmail emails as spam (incident EX1064599).
- 2024: A change in phishing detection misidentified domain creation dates, causing false positives that persisted for weeks.
What Admins Should Do
The lack of concrete timelines has created planning paralysis for many IT departments. However, you can take specific steps:
- Monitor the Admin Center: Keep a close eye on updates regarding EX1227432.
- Prepare Contingencies: If email reliability is critical for your operations, consider alternative communication channels until Microsoft fixes the filter.
- Check Quarantine: Regularly review the quarantine folder, keeping in mind that “high confidence” flags may require special permissions to release.
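One way to carry out the quarantine review from Exchange Online PowerShell, as an added example that is not from Microsoft or the original article. It assumes an existing `Connect-ExchangeOnline` session; the date window and the output file name are illustrative choices.

```powershell
# Added example: read-only triage of messages quarantined as high confidence phish.
# Requires the ExchangeOnlineManagement module and an active session.
# Nothing is released or deleted by this script.

$start = Get-Date '2026-02-05'   # incident start date given in the article
$end   = Get-Date

# Get-QuarantineMessage returns one page per call; keep fetching until a short page.
$pageSize = 1000
$page     = 1
$messages = @()
do {
    $batch = @(Get-QuarantineMessage -QuarantineTypes HighConfPhish `
                   -StartReceivedDate $start -EndReceivedDate $end `
                   -PageSize $pageSize -Page $page)
    $messages += $batch
    $page++
} while ($batch.Count -eq $pageSize)

# Only messages that are still held are of interest for review.
$pending = @($messages | Where-Object { $_.ReleaseStatus -eq 'NotReleased' })

# Summarise by sender domain so that a burst of quarantined mail from a known
# partner or from the tenant's own domains stands out from one-off senders.
$summary = $pending |
    Group-Object { ([string]$_.SenderAddress -split '@')[-1].ToLower() } |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SenderDomain'; e = { $_.Name } },
                  Count,
                  @{ n = 'Oldest'; e = { ($_.Group |
                        Measure-Object ReceivedTime -Minimum).Minimum } }

$summary | Format-Table -AutoSize

# Per-message list for manual review (file name is an assumption of this example).
$pending |
    Select-Object ReceivedTime, Direction, SenderAddress, Subject, Identity |
    Export-Csv -Path .\hcphish-quarantine-review.csv -NoTypeInformation
```

The script stops at a review list on purpose: real phishing is held under the same verdict, so each sender domain needs checking before anything is released.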
