Beginning February 9, 2026, a flawed URL filtering rule update in Microsoft Exchange Online caused a widespread false-positive storm. The update caused legitimate email messages to be mistakenly flagged as phishing and quarantined, disrupting email workflows for organizations worldwide.
The incident was tracked by Microsoft with reference EX1227432. Following a five-day remediation period during which Microsoft engineers sought to locate and release the incorrectly quarantined messages, the problem was formally fixed on February 13, 2026. An updated URL filtering rule that Microsoft implemented to improve detection of complex spam and phishing campaigns was the primary cause. Although improving anti-phishing coverage was the goal, the rule change's logical flaws led it to flag valid URLs found in regular business emails.
Because of this, messages that did not actually pose a threat were quarantined by Exchange Online's anti-spam engine, which prevented senders from successfully delivering their messages and prevented recipients from receiving anticipated correspondence. Although the NHS-affiliated advisory indicates the disruption affected enterprise and healthcare-sector tenants, ZeroOwl previously reported that the impact was limited to "some users" sending or receiving Exchange Online emails. The number of impacted mailboxes and messages was not disclosed by Microsoft.
Incident Timeline

| Event | Date & Time |
| --- | --- |
| Incident reported | 8:30 AM on February 9, 2026 |
| Initial Root Cause Found | February 9, 2026 |
| Release of Messages started | February 9–13, 2026 |
| Final Settlement Verified | 09:01 AM on February 13, 2026 |

Before resolving the issue, Microsoft confirmed that the remaining quarantined messages had been successfully released.
In its post-event statement, the company admitted that URL rule implementation procedures needed to be improved to prevent similar false-positive detections in the future. Microsoft also underlined its commitment to modifying anti-phishing defenses as spam and phishing techniques continue to evolve, a challenging balancing act between aggressive detection coverage and minimizing collateral impact on legitimate mail flow. The incident brings to light a recurring issue in email security: excessively strict filtering rules can cause as much disruption as the threats they are intended to stop.
To prevent false positives from silently delaying important correspondence, organizations that rely significantly on Exchange Online for critical communication—especially in the public sector and healthcare industries—are encouraged to regularly audit quarantine folders and set up quarantine digest notifications.
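One way to run the quarantine audit recommended above, as an added example that is not from Microsoft or from this article: it pulls unreleased phish-verdict messages with Get-QuarantineMessage, then flags days whose volume far exceeds the median. It assumes the ExchangeOnlineManagement module and a role that can view quarantined mail; the 14-day window and 3x threshold are assumed values to tune per tenant.

```powershell
# Added example (not from the article): look for a false-positive spike in phish quarantine.
# Assumes the ExchangeOnlineManagement module and a role that can view quarantined mail.
Connect-ExchangeOnline -ShowBanner:$false

$start       = (Get-Date).AddDays(-14)  # look-back window (assumed value)
$end         = Get-Date
$spikeFactor = 3                        # assumed threshold: 3x the median daily count

# Collect unreleased phish-verdict messages; results come back at most 1000 per page.
$messages = @()
$page = 1
do {
    $batch = @(Get-QuarantineMessage -Type Phish -ReleaseStatus NOTRELEASED `
        -StartReceivedDate $start -EndReceivedDate $end -PageSize 1000 -Page $page)
    $messages += $batch
    $page++
} while ($batch.Count -eq 1000)

if ($messages.Count -eq 0) {
    Write-Output 'No unreleased phish-quarantined messages in the window.'
    return
}

# Count quarantined messages per calendar day.
$daily = $messages | Group-Object { $_.ReceivedTime.ToString('yyyy-MM-dd') } | Sort-Object Name

# The median daily count is the baseline; a single bad day barely moves it.
$counts = @($daily | ForEach-Object { $_.Count } | Sort-Object)
$median = $counts[[int][math]::Floor(($counts.Count - 1) / 2)]

foreach ($day in $daily) {
    if ($day.Count -le $spikeFactor * $median) { continue }
    Write-Output ("{0}: {1} messages (median {2}) - review before release" -f $day.Name, $day.Count, $median)
    # Sender domains behind the spike: many unrelated legitimate domains on one day
    # points at a filtering-rule problem rather than a single campaign.
    $day.Group |
        Group-Object { ($_.SenderAddress -split '@')[-1].ToLower() } |
        Sort-Object Count -Descending |
        Select-Object -First 10 Name, Count |
        Format-Table -AutoSize
}
```

Days with no quarantined mail do not appear in the grouping, so the median is taken over days that had at least one message.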
Millions of enterprise tenants still rely on Microsoft Exchange Online's anti-phishing infrastructure as their first line of defense, so cautious rule validation and phased rollouts are crucial to preventing similar incidents in the future.