Overview
- Microsoft traced the incident to a February 5 update to a URL detection rule that incorrectly marked safe links as malicious.
- Legitimate inbound and outbound messages were quarantined, disrupting email delivery for organizations using Exchange Online.
- Engineers are reviewing and releasing quarantined emails, and some users are seeing previously held messages arrive in their inboxes.
- Microsoft is working to confirm and unblock legitimate URLs under incident ID EX1227432, but has not disclosed the scale of impact.
- Administrators are advised to keep protections enabled, monitor quarantine folders, and report false positives through Microsoft’s submission tools.