Microsoft's Own Anti-Phishing System Has Been Blocking Legitimate Business Emails for a Week — And There's No Fix Yet
Payment deadlines may have been missed, contract windows may have closed, and client relationships may have taken damage

Since 5 February, Microsoft Exchange Online has been silently swallowing legitimate business emails. Most people affected still don't know it.
The problem, tracked as service incident EX1227432, began when a new URL detection rule started incorrectly flagging safe links as phishing threats. The rule was supposed to catch hackers hiding dangerous URLs inside emails. Instead, it turned on the very users it was meant to protect, quarantining ordinary messages before they could reach anyone's inbox.
Both inbound and outbound emails are affected. That means something you sent last week may never have arrived. And a reply you've been waiting on could be trapped in a quarantine folder you didn't know existed.
Microsoft classified the disruption as a service incident, which indicates noticeable user impact. But the company hasn't said how many customers or regions are affected. There's no firm timeline for a full fix either. The incident started at 10:31 AM EST and has now stretched past the one-week mark.
Your Invoice Might Be Sitting in Quarantine Right Now
Here's where it gets personal for anyone running a business.
According to Cyber Press, emails containing links to trusted platforms like Dropbox have been failing to deliver. We're talking invoices, contract renewals, client updates, and bank notifications. Not bouncing. Not landing in spam. Just vanishing into quarantine without a trace.
Payment deadlines may have been missed. Contract windows may have closed. Client relationships may have taken damage. All because a security filter decided a perfectly safe link looked suspicious.
Quarantined messages end up in the Microsoft 365 Defender portal, labelled 'High Confidence Phishing'. Admins can manually review and release them, but it's slow, grinding work. Administrators worldwide have described productivity stalling as teams scramble to free trapped messages.
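For admins doing that review, the following PowerShell is an added example, not code from Microsoft or from the original article. It inventories messages still held as high-confidence phishing in both directions so they can be checked before release. It assumes the ExchangeOnlineManagement module and an existing Connect-ExchangeOnline session; the -Since date and the CSV file name are chosen by the admin.

```powershell
# Added example: inventory mail still quarantined as High Confidence Phishing.
# Assumes Connect-ExchangeOnline has already been run. Nothing is released here.
param(
    [Parameter(Mandatory)] [datetime] $Since,   # incident start for your tenant
    [datetime] $Until = (Get-Date),
    [string]   $OutFile = '.\highconfphish-review.csv'   # hypothetical file name
)

function Get-HeldHighConfPhish {
    param([datetime] $Start, [datetime] $End, [string] $Direction)
    $page = 1
    do {
        $query = @{
            QuarantineTypes   = 'HighConfPhish'
            ReleaseStatus     = 'NotReleased'
            Direction         = $Direction
            StartReceivedDate = $Start
            EndReceivedDate   = $End
            PageSize          = 1000      # maximum page size
            Page              = $page
        }
        $batch = @(Get-QuarantineMessage @query)
        $batch                            # emit this page to the pipeline
        $page++
    } while ($batch.Count -eq 1000)       # a full page means more may follow
}

# The incident affects inbound and outbound mail, so query both directions.
$held = foreach ($dir in 'Inbound', 'Outbound') {
    Get-HeldHighConfPhish -Start $Since -End $Until -Direction $dir
}

# Which sender domains account for most of the held mail, per direction.
$held |
    Group-Object -Property Direction, { ($_.SenderAddress -split '@')[-1] } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Full list for manual review; RecipientAddress is an array, so flatten it.
$held |
    Select-Object ReceivedTime, Direction, SenderAddress,
        @{ Name = 'Recipients'; Expression = { $_.RecipientAddress -join ';' } },
        Subject, Identity |
    Export-Csv -Path $OutFile -NoTypeInformation

# After a message has been checked, release it individually:
#   Release-QuarantineMessage -Identity <Identity from the CSV> -ReleaseToAll
```

The same quarantine bucket can still contain real phishing, so release by reviewed Identity rather than in bulk.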
Even Your IT Team Can't Override the Block
This is the part that stings most. Standard fixes don't work here.
High-confidence phishing detections in Exchange Online override most tenant-side 'allow' settings. IT admins who tried to whitelist trusted senders or domains found the system ignoring their changes entirely. WinBuzzer reported that this has left IT teams with few options beyond waiting for Microsoft to sort it out from their end. Some organisations have resorted to routing emails through alternative gateways or calling partners directly to check whether messages got through.
Over the weekend, Microsoft said that it's 'reviewing the release of quarantined messages for affected users and working to confirm legitimate URLs are unblocked.'
But as of 10 February, the company also disclosed it had hit a new snag: an issue with the unblocking process itself needed to be resolved before quarantined emails could be released.
Some trapped messages have since been delivered. Full remediation remains incomplete. Microsoft's next scheduled update was expected today, 11 February, but as of writing, the recovery from Service Incident EX1227432 remains a 'partial success' at best.
This Keeps Happening
This isn't a one-off; Exchange Online has a history of similar issues. In May 2025, a machine learning model flagged Gmail emails as spam under incident EX1064599. Earlier that year, anti-spam systems quarantined legitimate messages, and by September, a bug blocked users from opening URLs in both Exchange Online and Microsoft Teams.
According to WinBuzzer, the current incident echoes a June-July 2024 disruption when Exchange Online's phishing detection system misidentified certain domain creation dates, mistakenly flagging legitimate emails. Each time, the cycle repeats: an aggressive security update, unintended fallout, a scramble to fix things, and then it happens again.
For businesses caught in this latest wave, the irony is hard to ignore—the very system built to protect their inboxes is causing the damage. Microsoft urges affected users to monitor the Microsoft 365 admin centre for updates on EX1227432, but for those who missed deadlines or lost client replies in quarantine, that advice may be too late.
© Copyright IBTimes 2025. All rights reserved.





















