Microsoft's email security update sparks global communication issues

Microsoft is currently investigating a widespread Exchange Online incident that has incorrectly flagged authentic emails as phishing, leading to major disruption to business communications worldwide.

The issue is labelled under the ID EX1227432, initiated on February 5. However, till now it has not been resolved and has affected many organisations that rely on Microsoft 365 for daily operations.

As per Microsoft officials, the issue originates from an updated URL detection rule that was rolled out to combat increasingly sophisticated phishing attacks.

While it focused to improve security, the new rule proved overly aggressive, mistakenly labelling safe URLs as malicious.

Resultantly, legitimate emails (both inbound and outbound) have been automatically quarantined. This leads to major disruption in businesses, preventing users from sending or receiving critical messages.

Microsoft has labelled the situation as an official incident, showcasing noticeable user impact, though it has not disclosed how many customers or regions are affected.

The official teams are continuously working to resolve the faulty configuration and reviewing the quarantined messages at the same time.

Some users have reported previously flagged emails delivered successfully.

Despite widespread disruption, Microsoft has advised administrators not to disable security protections completely. Rather, IT teams are encouraged to monitor quarantine folders closely and report false positives through Microsoft’s submission tools to help retrain filtering models.

What is phishing?

Phishing is a deceptive cybercrime where attackers act as trusted entities via email, SMS, or website to steal sensitive data, including passwords, credit card numbers, or banking details. Attackers usually create a sense of fake urgency, anxiety, or fear to psychologically manipulate users.