Microsoft Exchange Online Misidentifies Legitimate Emails as Phishing Threats

Microsoft Exchange Online is currently facing an ongoing issue where legitimate emails are misidentified as phishing threats. This service degradation began on February 5, 2026, at 10:31 AM EST, leading to significant disruptions in communication for users relying on this platform.

Incident Overview

The problem, documented as incident EX1227432, affects Exchange Online users broadly. Many are unable to send or receive emails, causing productivity concerns across various organizations.

Cause of the Issue

The root cause appears to be an overly aggressive detection criterion designed to combat spam and phishing. A new URL filtering rule erroneously classifies safe URLs as malicious, resulting in the unnecessary quarantine of legitimate messages.

  • Issue Start Date: February 5, 2026
  • Incident Identifier: EX1227432
  • Detection Method: Overly aggressive URL filtering

Effects on Users

Affected individuals are finding both inbound and outbound emails trapped in quarantine. This situation requires manual intervention from system administrators, who often need to release messages that have been incorrectly flagged.

Despite Microsoft’s efforts to rectify the situation, users report that some previously quarantined messages have only recently been released. The company is currently reviewing these quarantined items and unblocking valid URLs.

Microsoft’s Response

Microsoft is actively working towards a resolution, with updates provided over the weekend indicating progress. However, a precise timeline for complete remediation has not yet been established.

  • Monitoring Status: Users are encouraged to check the Microsoft 365 admin center for updates on EX1227432.
  • Anticipated Resolution: Ongoing reviews and unblocking of URLs are prioritized.

Historical Context

This recent incident is not an isolated case. Exchange Online has seen numerous occurrences of false positives in the past. For example, in May 2025, a machine learning model incorrectly marked Gmail emails as spam. Additionally, issues arose in March and September 2025, when legitimate messages were quarantined or blocked due to URL bugs.

Community Feedback

User frustration is widespread. Reports on platforms like Reddit highlight ongoing issues since 2022, often leading to the need for support tickets. Many system administrators have noted specific patterns: senders lacking DMARC configurations or using image-heavy signatures frequently trigger alerts.

Recommendations for Organizations

To mitigate the impacts of these misidentifications, organizations should:

  • Regularly report false positives through quarantine tools.
  • Consider employing third-party email filters as a backup solution.

Microsoft has acknowledged these challenges and is committed to improving its filtering systems. Organizations are urged to monitor their quarantines closely and adhere to established security policies to prevent further complications.
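One way to carry out the quarantine monitoring and false-positive reporting recommended above, as an added example that is not from the article or from Microsoft. It assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session; the CSV file names and the two-step review workflow are hypothetical.

```powershell
# Added example: triage phish-quarantined mail from the incident window.
# Assumes Connect-ExchangeOnline has already been run in this session.

# Window start is the incident date given in the article; the end is "now".
$start = Get-Date '2026-02-05'
$end   = Get-Date

# Page through phish-typed quarantine entries received in the window.
$items = @()
$page  = 1
do {
    $batch = @(Get-QuarantineMessage -QuarantineTypes Phish, HighConfPhish `
                   -StartReceivedDate $start -EndReceivedDate $end `
                   -PageSize 1000 -Page $page)
    $items += $batch
    $page++
} while ($batch.Count -eq 1000)

# Keep only messages that are still held.
$held = $items | Where-Object { $_.ReleaseStatus -eq 'NOTRELEASED' }

# Sender domains with the most held mail are the first candidates for review.
$held |
    Group-Object -Property { ($_.SenderAddress -split '@')[-1] } |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name

# Export for human review (hypothetical file name). A reviewer copies only
# the rows confirmed as legitimate into approved.csv.
$held |
    Select-Object ReceivedTime, Direction, SenderAddress,
        @{ n = 'Recipients'; e = { $_.RecipientAddress -join ';' } },
        Subject, Type, PolicyName, Identity |
    Export-Csv -Path .\quarantine-review.csv -NoTypeInformation

# Step 2, after review: release only approved rows and report each one
# to Microsoft as a false positive. Nothing is released unless the flag is set.
$doRelease = $false
if ($doRelease -and (Test-Path .\approved.csv)) {
    foreach ($row in Import-Csv .\approved.csv) {
        Release-QuarantineMessage -Identity $row.Identity `
            -ReleaseToAll -ReportFalsePositive
    }
}
```

Releasing from a reviewed list rather than in bulk keeps real phishing that arrived during the same window in quarantine.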
