Microsoft's Exchange Online quarantines legitimate emails mistakenly flagged as phishing — disrupting worldwide inboxes

News
By published

A glitch in a detection rule in Exchange Online has been flagging safe emails as phishing threats.

Microsoft Exchange Online logo displayed on a Lenovo laptop screen
(Image credit: Microsoft | Edited with Gemini)

A recent incident led Microsoft to identify an issue with its Exchange Online service that mistakenly flagged legitimate emails as phishing and quarantined them. "Some users' legitimate email messages are being marked as phish[sic] and quarantined in Exchange Online," added Microsoft.

The software giant traces the issue back to February 5, 2026, and says the issue continues to affect Exchange Online users, preventing them from sending or receiving emails.

We've determined that the URLs associated with these email messages are incorrectly marked as phishing and quarantined in Exchange Online due to ever-evolving criteria aimed at identifying suspicious email messages, as spam and phishing techniques have become more sophisticated in avoiding detection.

Microsoft

The company revealed that an updated URL detection rule was the root cause of the issue. Instead of correctly identifying spam and phishing emails, it mistakenly flagged legitimate messages in Exchange Online (via BleepingComputer).

In the interim, Microsoft engineers are actively working to release quarantined emails. As such, affected users might start seeing previously flagged emails in their inboxes.

"We're reviewing the release of quarantined messages for affected users and working on confirming legitimate URLs are unblocked," Microsoft indicated. "Some users may see their previously quarantined messages successfully delivered and we're working to confirm full remediation. We'll provide an estimated time to resolve when one becomes available."

So, Microsoft is working to find a permanent solution to the issue. However, it hasn't provided an exact timeline on when it should be able to completely mitigate it. The company will at least continue to uphold security protections against phishing threats.

A pink banner that says "What do you think?" and shows a dial pointing to a mid-range hue on a gradient.

Have you been impacted by the Exchnage Online bug flagging legitimate emails as phishing threats? Let me know in the comments section!

Click to join us on r/WindowsCentral

Join us on Reddit at r/WindowsCentral to share your insights and discuss our latest news, reviews, and more.

Kevin Okemwa
Kevin Okemwa
Contributor

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.