Microsoft Exchange Online Flags Legitimate Emails as Phishing, According to Multiple Reports

Microsoft Exchange Online is reportedly misclassifying legitimate emails as phishing, sending them to quarantine and disrupting normal email delivery for some Microsoft 365 customers.

Multiple technology news outlets cited Microsoft service health communications indicating the issue is tied to recent changes in Exchange Online’s phishing URL detection logic.

What’s Going On?

According to reports, legitimate business emails began appearing in quarantine labeled as “High Confidence Phishing.” In affected environments, routine communications were either blocked or delayed, even though they contained no malicious content.

The issue appears to stem from an update to Microsoft’s anti-phishing URL detection system. Instead of identifying only suspicious or malicious links, the revised detection logic reportedly triggered false positives, incorrectly flagging safe emails as threats.

Organizations experiencing the issue reported:

  • Legitimate inbound emails being quarantined
  • A spike in administrative review and manual release work
  • Disruptions to normal business communication

Because Microsoft’s detailed service health updates are only available to authenticated Microsoft 365 administrators, broader public visibility into the incident relies primarily on independent reporting.

Mitigation Efforts Underway

Coverage indicates that Microsoft has begun investigating the problem and is working to reduce false positives. Reportedly, mitigation efforts include reviewing affected URLs and refining detection rules.

At the time of writing, Microsoft has not published a publicly accessible incident report with a full technical explanation or clear resolution timeline.

Why This Matters

Exchange Online is one of the most widely used enterprise email platforms in the world. Even minor filtering changes can have immediate and widespread operational impact.

When phishing filters generate false positives, the consequences can include:

  • Delayed or interrupted time-sensitive communication
  • Increased workload for IT and security teams
  • Uncertainty about whether important messages are reaching recipients

This situation highlights a familiar challenge in email security: filters must be aggressive enough to block real phishing attempts, but overly sensitive rule updates can quickly disrupt legitimate mail flow.

What Organizations Should Watch Out For

Organizations using Exchange Online may want to:

  • Monitor quarantine volumes for unusual spikes
  • Review emails labeled “High Confidence Phishing”
  • Stay updated through Microsoft admin communications and trusted reporting
  • Alert internal teams if delivery delays are observed
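
One way to automate the first two checks is sketched below. It is an added example, not code from Microsoft or from the reports cited here. It counts "High Confidence Phishing" quarantine entries for the last 24 hours with the Exchange Online PowerShell cmdlet Get-QuarantineMessage, compares that count with a trailing baseline, and lists the sender domains behind a spike. The baseline window, spike factor and minimum count are assumptions to tune per tenant.

```powershell
# Added example; thresholds are assumptions, tune per tenant.
# Requires an existing Connect-ExchangeOnline session.
$BaselineDays = 14   # previous 24-hour windows used as "normal"
$SpikeFactor  = 3    # flag when the last 24h exceeds 3x the baseline median
$MinCount     = 10   # ignore spikes below this absolute volume

$end   = (Get-Date).ToUniversalTime()
$start = $end.AddDays(-($BaselineDays + 1))

# Page through the quarantine (1000 is the largest page size).
$messages = @()
$page = 1
do {
    $batch = @(Get-QuarantineMessage -QuarantineTypes HighConfPhish `
            -StartReceivedDate $start -EndReceivedDate $end `
            -PageSize 1000 -Page $page)
    $messages += $batch
    $page++
} while ($batch.Count -eq 1000)

# Bucket by age: index 0 = last 24h, 1..N = the preceding 24h windows.
# Timestamps without a time zone kind are treated as local time by .NET.
$counts = New-Object int[] ($BaselineDays + 1)
$recent = @()
foreach ($m in $messages) {
    $received = ([datetime]$m.ReceivedTime).ToUniversalTime()
    $age = [int][math]::Floor(($end - $received).TotalDays)
    if ($age -lt 0 -or $age -gt $BaselineDays) { continue }
    $counts[$age]++
    if ($age -eq 0) { $recent += $m }
}

$baseline  = @($counts[1..$BaselineDays] | Sort-Object)
$median    = $baseline[[int][math]::Floor($baseline.Count / 2)]   # upper median
$threshold = [math]::Max($MinCount, $SpikeFactor * $median)

if ($counts[0] -gt $threshold) {
    Write-Warning ("High Confidence Phishing quarantine spike: {0} in last 24h, baseline median {1}" -f $counts[0], $median)
    # Sender domains behind the spike, to prioritise manual review.
    $recent | Group-Object { ($_.SenderAddress -split '@')[-1] } |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name
} else {
    "No spike: {0} in last 24h, baseline median {1}" -f $counts[0], $median
}
```

A spike concentrated in a few well-known sender domains is the pattern to check against Microsoft's admin communications before releasing anything.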

The Bottom Line

Reports suggest that recent changes to Exchange Online’s phishing detection logic led to widespread false positives, causing legitimate emails to be quarantined. While mitigation efforts are reportedly in progress, organizations should closely monitor their quarantine activity until the issue is fully resolved.

Sources

BleepingComputer — Microsoft Exchange Online flags legitimate emails as phishing
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-flags-legitimate-emails-as-phishing/

Windows Central — Exchange Online quarantines legitimate emails as phishing
https://www.windowscentral.com/software-apps/microsoft-exchange-online-quarantines-legit-emails-as-phishing

CyberSecurityNews — Microsoft Exchange Online flags legitimate email
https://cybersecuritynews.com/microsoft-exchange-online-flags-legitimate-email/

Nely Bonar
Admin at emailexpert