Microsoft Exchange Online Flags Valid Email as Phishing

Due to a service outage, Microsoft Exchange Online is incorrectly classifying customers' emails as phishing, quarantining them, and interfering with communication. The problem, tracked as EX1227432, began at 10:31 AM EST on February 5, 2026, and is still present today.

Because some users are unable to send or receive emails normally, Microsoft categorizes this as an Exchange Online incident. Legitimate messages are being flagged as phishing because of excessively strict detection criteria intended to thwart sophisticated spam and phishing techniques. The cause is a new URL rule that incorrectly classifies secure URLs as malicious, resulting in quarantines. Affected users see their outgoing and incoming emails placed in quarantine, which hurts the productivity of businesses that rely on Exchange Online.

Although Microsoft has not disclosed the specific regions or customer numbers impacted, the impact is limited to particular email messages containing flagged URLs. After Microsoft's actions, some previously quarantined messages are now being delivered, although administrators report that manual releases are still required. To restore service, the company is actively reviewing quarantined messages and unblocking trustworthy URLs.

Updates over the weekend confirmed progress; full remediation is anticipated soon, and a projected resolution time is forthcoming. Microsoft advises impacted users to check the status of EX1227432 in the Microsoft 365 admin center. This is not a unique event: Exchange Online has experienced numerous false positives. In May 2025, a machine learning model incorrectly classified Gmail emails as spam (EX1064599).

In March, legitimate messages were quarantined by anti-spam systems, and in September 2025, bugs blocked URLs in Teams and emails.

In previous instances, attachments and bit.ly links set off high-confidence phishing flags. Exchange's anti-phishing policies, which take precedence over whitelists for high-confidence detections, are causing a lot of annoyance on cybersecurity forums. Since 2022, Reddit users have been reporting ongoing problems, frequently necessitating support tickets for backend fixes.

Patterns that sysadmins observe include quarantines triggered by senders that lack DMARC and send attachments, and by signatures containing a lot of images. As phishing changes, Microsoft's constantly improving defenses run the risk of overreaching while trying to strike a balance between security and usability. This incident highlights the difficulties of AI-driven email filtering in the face of growing threats such as internal spoofing. It is recommended that organizations use quarantine tools to report false positives and think about using third-party filters for redundancy.

Although there is currently no timeline for complete fixes, Microsoft stressed in a statement that continuous improvements are necessary to prevent recurrence. Because high-confidence phishing ignores the majority of overrides, customers should regularly check quarantines and refrain from circumventing policies.
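One way to carry out the quarantine review and false-positive reporting recommended above, as an added PowerShell example that is not from Microsoft or the original article. It assumes the ExchangeOnlineManagement module, that the date parameters are read as UTC, and two hypothetical CSV file names; releases stay in `-WhatIf` mode until an administrator removes that switch.

```powershell
# Added example: triage phishing quarantines received since EX1227432 began.
# Requires the ExchangeOnlineManagement module and quarantine permissions.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Incident start from the article: 10:31 AM EST on 2026-02-05 (EST = UTC-5).
# Assumption: the service interprets these dates as UTC.
$incidentStart = [datetime]::new(2026, 2, 5, 15, 31, 0, [DateTimeKind]::Utc)
$reviewCsv     = '.\quarantine-review.csv'    # hypothetical: full list for analysts
$approvedCsv   = '.\quarantine-approved.csv'  # hypothetical: rows analysts confirmed

# Page through every unreleased phishing verdict in the incident window.
$messages = @()
$page = 1
do {
    $batch = @(Get-QuarantineMessage -StartReceivedDate $incidentStart `
        -EndReceivedDate (Get-Date).ToUniversalTime() `
        -QuarantineTypes Phish, HighConfPhish -ReleaseStatus NotReleased `
        -PageSize 1000 -Page $page)
    $messages += $batch
    $page++
} while ($batch.Count -eq 1000)

# Sender summary: a burst of quarantines from a long-standing correspondent
# is a false-positive candidate, but every message still needs review.
$messages | Group-Object SenderAddress | Sort-Object Count -Descending |
    Select-Object Count, Name -First 25 | Format-Table -AutoSize

# Export the details analysts need to confirm each message by hand.
$messages |
    Select-Object Identity, ReceivedTime, SenderAddress, Subject, Type, PolicyName,
        @{ Name = 'Recipients'; Expression = { $_.RecipientAddress -join ';' } } |
    Export-Csv -Path $reviewCsv -NoTypeInformation -Encoding UTF8

# Release only the rows copied into the approved file after review, and report
# each one to Microsoft as a false positive. Remove -WhatIf to act for real.
if (Test-Path $approvedCsv) {
    Import-Csv -Path $approvedCsv | ForEach-Object {
        Release-QuarantineMessage -Identity $_.Identity -ReleaseToAll `
            -ReportFalsePositive -WhatIf
    }
}
```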
