Some users' legitimate email messages may be marked as phishing and quarantined in Exchange Online
ID: EX1227432
Issue type: Incident
|
|
|---|
|
|
Impacted services
Exchange Online
|
|
|---|
|
|
Details
Title: Some users' legitimate email messages may be marked as phishing and quarantined in Exchange Online
User impact: Users' legitimate email messages may have been marked as phishing and quarantined in Exchange Online.
More info: Users can expect messages which were previously quarantined by this incident to have been successfully delivered.
Final status: We’ve validated the successful release of the small portion of remaining messages and confirmed the impact associated with this incident is now resolved.
Scope of impact: Some users attempting to send or receive Exchange Online email messages may have been impacted.
Start time: Thursday, February 5, 2026, at 12:26 AM UTC
End time: Thursday, February 12, 2026, at 2:00 PM UTC
Preliminary root cause: An updated URL rule intending to identify more sophisticated spam and phishing email messages was incorrectly quarantining legitimate email messages in Exchange Online.
Next steps: We're reviewing our ongoing URL rule implementation processes to find ways to reduce similar false positive detections in the future while continuing to adapt and respond to evolving spam and phishing techniques.
We'll provide a preliminary Post-Incident Report within two business days and a final Post-Incident Report within five business days.
|
|
|---|
|
|
|
|
Did you find this email helpful?
Yes
No
|
|
|---|
|
|
To customize what’s included in this email, who gets it, or to unsubscribe, set your Service health preferences. If you are receiving this email because your Admin added you as a recipient, please contact your Admin to unsubscribe.
|
|
|---|
|
|
|
|
|