Microsoft Exchange Online recently experienced a service incident that incorrectly flagged legitimate business emails as phishing and moved them to quarantine, disrupting normal email communication for some customers.
The issue began around February 5, 2026, and affected both incoming and outgoing emails across Exchange Online environments. Users reported missing messages, while administrators noticed a spike in quarantined emails that appeared safe.
What Caused the Issue
Microsoft confirmed the problem originated from an internal email filtering update rather than any external cyberattack. A newly introduced URL detection rule applied overly aggressive criteria, mistakenly classifying legitimate links as malicious.
Key Details of the Incident:
- Phishing protection systems automatically quarantined legitimate emails.
- The issue affected both inbound and outbound messages.
- The issue stemmed from internal filtering logic, not a security breach.
- Microsoft did not disclose the number of impacted customers or regions.
How Microsoft Responded
Microsoft engineers began reviewing quarantined messages and unblocking URLs verified as safe. Mitigation steps allowed some emails to be released and delivered after manual and automated corrections were applied.
During the incident, administrators and users had to manually release emails from quarantine to restore communication while Microsoft worked on a permanent fix.
| Area Affected | Impact |
| --- | --- |
| Email delivery | Delays and blocked messages |
| Security filters | Over-aggressive phishing detection |
| Admin workload | Manual email release required |
Microsoft stated that adjustments to the filtering logic are ongoing to prevent similar false positives in the future and improve reliability for Exchange Online customers.