Microsoft, the leading tech giant, is currently examining Exchange Online Service incidents that are falsely flagging legitimate emails as phishing and quarantining them, disrupting business communications globally.
The issue, identified as EX1227432, started on February 5, 2026, at 10:31 AM IST and is ongoing, preventing customers from sending or receiving emails.
Microsoft confirmed the issue in a service alert, stating, “Some users' legitimate email messages are marked as phishing and quarantined in Exchange Online.” The company has identified the main cause as a newly introduced URL detection rule to identify advanced phishing attempts.
New URL Detection Rule Being the Root Cause
Microsoft acknowledged the issue in a service alert, stating, “Some users' legitimate email messages are being marked as phishing and quarantined in Exchange Online.” The company later identified the root cause as a newly introduced URL detection rule designed to identify advanced phishing attempts. Moreover, the rule classifies safe URLs as malicious, resulting in widespread false positives.
Microsoft has not yet confirmed how many customers have been affected by this issue or which regions have been affected; it has called it an incident with significant user impact. Some detections have been classified as “high confidence phish,” which can override existing allow lists, making it difficult for administrators to quickly restore blocked messages.
Microsoft Working Towards the Resolution
The company is working on reviewing quarantined messages and unblocking legitimate URLs. Microsoft stated, “We’re reviewing the release of quarantined messages for affected users and working on confirming legitimate URLs are unblocked. “Also, some of the previously quarantined messages have started reaching inboxes, even though the complete resolution timeline has not been announced yet.
This is not a new issue. Exchange Online has faced similar false-positive incidents in recent years, including the May 2025 incident in which machine learning wrongly flagged Gmail messages as spam, and other incidents in which anti-spam bugs blocked URLs in emails and Microsoft Teams messages.
To avoid such incidents, Microsoft has suggested that customers keep a close eye on the Microsoft 365 admin center for updates and review quarantined messages while the effort to find the right resolution continues.
To stay informed about all the latest news around the tech landscape, head over to our news section now.
Also Read:
