What Is Phishing and Why Is Microsoft Quarantining Legit Emails in Exchange Online?

Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them, leaving users unable to send or receive messages. The incident began on February 5 and continues to affect customers.
“Some users’ legitimate email messages are being marked as phish and quarantined in Exchange Online,” Microsoft said in a service alert on Thursday.
The cause, according to Microsoft, is a new URL rule designed to identify increasingly sophisticated phishing attempts. “We’ve determined that the URLs associated with these email messages are incorrectly marked as phish and quarantined in Exchange Online due to ever-evolving criteria aimed at identifying suspicious email messages, as spam and phishing techniques have become more sophisticated in avoiding detection,” the company said.
Over the weekend, Microsoft confirmed the bug is tied to this updated rule: “An updated URL rule intending to identify more sophisticated spam and phishing email messages is incorrectly quarantining legitimate email messages in Exchange Online, resulting in impact.” While the number of affected customers and regions is unclear, Microsoft has classified it as an incident, reflecting noticeable user impact.
The immediate effect is disruptive: users may miss critical emails while Microsoft works to release quarantined messages and unblock legitimate URLs. “We’re reviewing the release of quarantined messages for affected users and working on confirming legitimate URLs are unblocked,” the company said.
“Some users may see their previously quarantined messages successfully delivered and we’re working to confirm full remediation. We’ll provide an estimated time to resolve when one becomes available.”
Understanding Phishing and Staying Safe
Phishing is a tactic in which attackers impersonate trusted contacts or services to trick people into revealing sensitive information, such as passwords or verification codes. Attackers craft emails or messages to look authentic, often creating urgency by warning of account problems or data loss.
In Exchange Online, Microsoft’s automated systems aim to block these attacks, but occasionally, legitimate emails are caught in the net.
To protect yourself:
- Check the sender carefully: Watch for unusual domains or mismatched addresses.
- Hover over links to confirm they lead where they claim.
- Enable multi-factor authentication (MFA) to add an extra layer of security.
- Be wary of urgent requests asking for credentials or codes.
- Use official channels to verify messages instead of responding directly.
Even as Microsoft updates its defences, user vigilance remains key to avoiding phishing attacks while navigating the occasional false positives.