Microsoft is currently addressing an Exchange Online issue that is incorrectly classifying legitimate emails as phishing attempts and placing them in quarantine. The problem, which began on February 5, continues to disrupt customers’ ability to send and receive messages.

According to Microsoft, the misclassification stems from URLs within emails being mistakenly flagged as malicious. The company explained that evolving detection criteria—designed to keep up with increasingly sophisticated phishing tactics—led to some safe URLs being caught by an updated filtering rule.

Over the weekend, Microsoft confirmed that a newly introduced URL‑scanning rule is the root cause, inadvertently marking certain links as harmful and triggering phishing alerts.

While Microsoft has not yet shared how many users or regions are affected, the issue has been designated as an active incident due to its noticeable impact on customers.

The company is working to restore normal mail flow and release messages that were incorrectly quarantined. Affected users may start to see previously blocked emails return to their inboxes as Microsoft validates and unblocks legitimate URLs.

Microsoft says it will provide an estimated timeline for full resolution once available.