Microsoft's Own Anti-Phishing System Has Been Blocking Legitimate Business Emails for a Week — And There's No Fix Yet

Since 5 February, Microsoft Exchange Online has been silently swallowing legitimate business emails. Most people affected still don't know it.

The problem, tracked as service incident EX1227432, began when a new URL detection rule started incorrectly flagging safe links as phishing threats. The rule was supposed to catch hackers hiding dangerous URLs inside emails. Instead, it turned on the very users it was meant to protect, quarantining ordinary messages before they could reach anyone's inbox.

Both inbound and outbound emails are affected. That means something you sent last week may never have arrived. And a reply you've been waiting on could be trapped in a quarantine folder you didn't know existed.

Microsoftclassified the disruption as a service incident, which indicates noticeable user impact. But the company hasn't said how many customers or regions are affected. There's no firm timeline for a full fix either. The incident started at 10:31 AM EST and has now stretched past the one-week mark.

Here's where it gets personal for anyone running abusiness.

According to Cyber Press, emails containing links to trusted platforms like Dropbox have been failing to deliver. We're talking invoices, contract renewals, client updates, and bank notifications. Not bouncing. Not landing in spam. Just vanishing into quarantine without a trace.

Payment deadlines may have been missed. Contract windows may have closed. Client relationships may have taken damage. All because a security filter decided a perfectly safe link looked suspicious.

Quarantined messages end up in the Microsoft 365 Defender portal, labelled 'High Confidence Phishing'. Admins can manually review and release them, but it's slow, grinding work. Administrators worldwide have described productivity stalling as teams scramble to free trapped messages.

This is the part that stings most. Standard fixes don't work here.

High-confidence phishing detections in Exchange Online override most tenant-side 'allow' settings. IT admins who tried to whitelist trusted senders or domains found the system ignoring their changes entirely. WinBuzzer reported that this has left IT teams with few options beyond waiting for Microsoft to sort it out from their end. Some organisations have resorted to routing emails through alternative gateways or calling partners directly to check whether messages got through.

Source: International Business Times UK