Exchange Online quarantines legitimate emails: 5-day Microsoft incident disrupts businesses

GigaNectar Team


Microsoft Exchange Online faced a major service disruption starting February 5, 2026, when legitimate business emails began getting incorrectly flagged as phishing attempts and quarantined. The incident, tracked as EX1227432, affected organizations worldwide and continues as Microsoft works to restore normal email flow. According to Windows Central’s official coverage, the problem stems from an overly aggressive URL detection rule deployed by Microsoft’s anti-spam systems.

The faulty filter disrupted critical business communications, trapping both inbound and outbound messages in quarantine folders. IT administrators across enterprises scrambled to manually release legitimate emails while Microsoft engineers worked to identify and fix the root cause. This incident joins a pattern of similar Exchange Online anti-spam false positives that have occurred throughout 2025, affecting everything from data breach notifications to routine business correspondence.

Exchange Online Email Crisis Tracker

INCIDENT: EX1227432

📅 Incident Timeline

Feb 5, 2026, 10:31 AM EST: Incident Begins. Microsoft Exchange Online starts incorrectly flagging legitimate emails as phishing attempts.

Feb 6, 2026: Microsoft Acknowledges. Service alert issued confirming URLs associated with emails are incorrectly marked as phishing.

Feb 8-9, 2026 (weekend): Root Cause Identified. Microsoft confirms new URL rule is incorrectly quarantining legitimate messages.

Feb 10, 2026 (ongoing): Remediation In Progress. Engineers reviewing quarantined messages and unblocking legitimate URLs.

📊 Business Impact

5 days of disruption
Status as of Feb 10: ongoing
Send and receive: both directions affected

⚙️ What Went Wrong

Microsoft deployed an updated URL detection rule designed to identify sophisticated spam and phishing attacks. The rule was overly aggressive and began flagging safe, legitimate URLs as dangerous, triggering automatic quarantine of business emails.
Technical Note: The new anti-spam criteria evolved to counter sophisticated phishing techniques but lacked proper calibration, resulting in false positives across Exchange Online tenants.

📜 Recent Exchange Online False Positive History

September 2025: Anti-spam service bug blocked URLs in Exchange Online and Microsoft Teams, quarantining legitimate emails.
May 2025: Machine learning model incorrectly flagged emails from Gmail accounts as spam.
March 2025: Exchange Online bug caused anti-spam systems to mistakenly quarantine some users’ emails.

🛠️ What IT Teams Should Do

1. Check Quarantine Regularly: Monitor the Microsoft 365 Admin Center quarantine section for legitimate emails flagged incorrectly.
2. Release Emails Manually: Review and manually release quarantined legitimate messages to affected users.
3. Monitor Admin Center: Check Microsoft 365 Admin Center for EX1227432 updates and resolution timeline.
4. Report False Positives: Use submission tools to report incorrectly flagged emails to help train Microsoft’s filters.
5. Avoid Disabling Security: Do not disable security protections entirely as the issue is temporary and not threat-related.
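Steps 1 and 2 can be run as a two-phase review in Exchange Online PowerShell. The script below is an added example, not Microsoft's or the original article's code. It assumes the ExchangeOnlineManagement module, an account allowed to manage quarantine, and a hypothetical review file with an `Approved` column that a human fills in. Nothing is released unless a reviewer has marked it.

```powershell
# Added example (not from the article). The review file name and the "Approved"
# column are assumptions of this sketch; the cmdlets are Exchange Online PowerShell.
param(
    [datetime]$Since      = '2026-02-05',   # incident start date given in the article
    [string]  $ReviewFile = '.\EX1227432-quarantine-review.csv',
    [switch]  $Release                      # omit to export only (phase 1)
)

Connect-ExchangeOnline -ShowBanner:$false

if (-not $Release) {
    # Phase 1: page through phishing-type entries that have not been released yet.
    $page  = 1
    $found = @()
    do {
        $batch = @(Get-QuarantineMessage -StartReceivedDate $Since -EndReceivedDate (Get-Date) `
                -QuarantineTypes Phish, HighConfPhish -ReleaseStatus NotReleased `
                -PageSize 1000 -Page $page)
        $found += $batch
        $page++
    } while ($batch.Count -eq 1000)

    # Export what a reviewer needs; Approved stays empty until a human decides.
    $found |
        Select-Object Identity, ReceivedTime, Direction, SenderAddress,
            @{ n = 'Recipients'; e = { $_.RecipientAddress -join ';' } },
            Subject, Type, Expires,
            @{ n = 'Approved'; e = { '' } } |
        Export-Csv -Path $ReviewFile -NoTypeInformation -Encoding UTF8

    # Busiest senders first: a quick view of which correspondents are affected.
    $found | Group-Object SenderAddress | Sort-Object Count -Descending |
        Select-Object -First 20 Count, Name | Format-Table -AutoSize
    Write-Host "$($found.Count) messages written to $ReviewFile. Set Approved=yes on legitimate ones."
}
else {
    # Phase 2: release only the rows a reviewer explicitly approved.
    $approved = @(Import-Csv -Path $ReviewFile | Where-Object { $_.Approved -eq 'yes' })
    foreach ($row in $approved) {
        try {
            Release-QuarantineMessage -Identity $row.Identity -ReleaseToAll -ErrorAction Stop
            Write-Host "Released: $($row.Subject)"
        }
        catch {
            Write-Warning "Could not release $($row.Identity): $($_.Exception.Message)"
        }
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without `-Release`, review the CSV, then run it again with `-Release`. Filters and policies are left untouched, which is consistent with step 5.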

This article covered the EX1227432 incident: the timeline from February 5 through February 10, 2026, the technical root cause (an overly aggressive URL detection rule), and the business disruption experienced by Exchange Online users. It also outlined Microsoft’s ongoing remediation efforts, including the manual release of quarantined emails and the unblocking of legitimate URLs.

IT administrators facing similar issues can reference the workaround steps provided and monitor the Microsoft 365 Admin Center for real-time updates on incident resolution. The historical pattern of false positives in Exchange Online’s anti-spam systems was also documented. For organizations concerned about incident response preparedness, this situation provides a case study in cloud service disruptions and the importance of monitoring quarantine folders during such events.
