Microsoft has confirmed it is investigating an ongoing issue in Exchange Online that incorrectly flagged legitimate emails as phishing attempts, sending them to quarantine and disrupting normal email flow for affected organizations.
The incident began on Feb. 5 and remains under active remediation, according to Microsoft’s service communications.
In a notice posted to the Microsoft 365 Service Health dashboard, the company confirmed that some users were unable to send or receive email because messages containing specific URLs were mistakenly classified as malicious.
Exchange Online is the cloud-based email service within Microsoft 365 used by enterprises and small and midsize businesses globally.
Microsoft clarified that a newly deployed URL detection rule was responsible for the false positives. The rule was intended to improve identification of advanced phishing campaigns but instead blocked valid links, causing email messages to be quarantined automatically.
Operational Impact and Security Implications
Microsoft has not disclosed how many customers or regions were affected, but the company classified the problem as an incident. As a temporary measure, engineers are reviewing quarantined messages and restoring emails confirmed to be legitimate.
False positives are a significant problem for companies that provide email filtering of this kind. Balancing protection against malicious content with usability remains a challenge.
Exchange Online relies on automated rules and machine learning to spot malicious content, but even small configuration changes can have serious consequences in large-scale cloud environments.
This is not the first time Microsoft has addressed similar issues. In March last year, an Exchange Online bug caused anti-spam systems to quarantine valid messages, while a separate May incident saw emails from Gmail accounts incorrectly labeled as spam.
Additionally, in September, an anti-spam service error blocked users from opening URLs across Exchange Online and Microsoft Teams.
Microsoft said it will provide an estimated timeline for resolving the issue once it has completed all of the remediation activities.
The company will also reportedly continue to update customers through its official service channels, including its Exchange Online documentation.