Microsoft is addressing a notable service degradation in Exchange Online that has disrupted business communications by mistakenly marking legitimate emails as phishing attempts. This issue, identified as EX1227432, started on February 5, 2026, causing valid messages to be quarantined instead of being delivered to their intended recipients.

The problem stems from a new anti-spam rule introduced to detect malicious URLs. Although designed to thwart sophisticated phishing attacks, this rule has proven excessively stringent, mistakenly identifying safe and legitimate URLs as threats. Consequently, emails containing these URLs are being automatically quarantined, impacting both incoming and outgoing mail flow. Users from various organizations have reported significant interference with essential business communications, as critical emails either fail to send or fail to arrive.

Although Microsoft has not disclosed the exact number of affected customers, reports indicate that the problem primarily affects messages containing specific URLs that trigger the faulty rule. The company is actively investigating the quarantined messages and is working on unblocking the legitimate URLs responsible for these complications. Some administrators have reported success in getting previously blocked messages delivered as Microsoft intervenes to resolve the issue.

Despite these efforts, the situation is still ongoing. Microsoft has advised system administrators to check the Microsoft 365 Admin Center for real-time updates on the incident. While the company has promised an estimated timeline for a full resolution, many IT teams are currently forced to manually release emails from quarantine to maintain business continuity.

This incident underscores the challenges associated with AI-driven security measures. As Microsoft enhances its defenses against increasingly sophisticated phishing attempts, the risk of mistakenly flagging benign content rises. During this period, organizations are encouraged to actively monitor quarantine folders to release legitimate emails, report any erroneous flags through the quarantine portal, and be cautious about creating overly broad exclusion policies, as strong phishing detection rules often disregard standard overrides.

Microsoft has pledged to implement improvements to prevent future occurrences of this nature. This episode serves as a critical reminder that even the most advanced cloud email systems necessitate ongoing vigilance to ensure optimal functionality.
