Microsoft cloud service disruptions affecting Microsoft 365, Exchange Online, and Windows Update/Store
Microsoft reported multiple service-impacting incidents across its cloud ecosystem. Administrators in North America and Canada experienced an outage and degraded performance in the Microsoft 365 admin center, with some users also unable to access the M365 app or raise support tickets; Microsoft said it was analyzing telemetry, usage patterns, and CPU utilization, and reviewing user-provided HAR files to isolate the root cause.
Separately, Exchange Online quarantined legitimate messages after an updated URL rule incorrectly marked some URLs as phishing, disrupting email flow for affected customers while Microsoft worked to release quarantined mail and unblock legitimate URLs. In another disruption, Microsoft attributed Windows Update and Microsoft Store failures/timeouts (notably impacting Windows 11 users) to a utility power interruption at a West US datacenter, which cascaded into issues with Azure storage clusters supporting content delivery; backup power engaged and power was later stabilized, but service recovery required additional remediation beyond restoring electricity.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
Microsoft investigates telemetry and user diagnostics for admin outage
As the Microsoft 365 admin center incident continued, Microsoft analyzed telemetry, CPU utilization, usage patterns, and HAR files from affected users to isolate the cause. At the time of reporting, the company had not identified a confirmed root cause and suggested workarounds such as Microsoft Graph API or legacy admin portals for urgent tasks.
Microsoft tracks admin center incident as MO1230320
Microsoft published the North America admin center disruption on its service health dashboard as Issue ID MO1230320. The company said telemetry showed intermittent authentication endpoint and admin portal API failures, with users seeing HTTP 5xx errors, long load times, and session timeouts.
Microsoft 365 admin center outage impacts North American administrators
On 2026-02-10, Microsoft began investigating a service degradation preventing some business and enterprise administrators in North America from accessing the Microsoft 365 admin center. Affected users also reported degraded functionality in the admin portal and M365 app, including problems raising support tickets.
Microsoft identifies Exchange Online URL rule as root cause
Microsoft later confirmed the Exchange Online false positives were caused by an updated URL rule that mistakenly marked some legitimate URLs as malicious. The company began releasing quarantined messages and unblocking affected URLs as mitigation.
Microsoft reports most Store and Windows Update services restored
By 2026-02-08, Microsoft said most services affected by the West US datacenter outage were back online, though residual latency was expected while storage consistency checks completed. The company advised users to retry later and told administrators to consult Azure Service Health for tenant-specific status.
Microsoft activates backup power and begins datacenter recovery
Microsoft said backup power systems activated and utility power was stabilized after the West US outage, but recovery was prolonged by cold-start and re-synchronization requirements for Azure storage services. The incident also degraded telemetry pipelines, causing monitoring and log delays for some Azure resources.
West US datacenter power outage disrupts Store and Windows Update
Around 08:00 UTC on 2026-02-07, a power outage at a Microsoft West US datacenter caused widespread disruption affecting Azure-dependent services, including Microsoft Store and Windows Update. Windows 11 users were unable to download apps or complete updates, and Azure customers saw timeouts and failures.
Microsoft acknowledges Exchange Online incident via service alert
After the email filtering issue began, Microsoft publicly acknowledged the Exchange Online incident in a service alert and said evolving anti-phishing criteria and URL-based detections were involved. The company classified it as an incident with noticeable user impact.
Exchange Online phishing false positives begin quarantining legitimate email
Microsoft said an Exchange Online incident started on 2026-02-05, causing legitimate emails to be incorrectly flagged as phishing and quarantined. The issue disrupted customers' ability to send and receive email.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Microsoft 365 Admin Center Outage Hits users in North America
cybersecuritynews.com
Open sourceMicrosoft 365 outage takes down admin center in North America
bleepingcomputer.com
Open sourceMicrosoft: Exchange Online flags legitimate emails as phishing
bleepingcomputer.com
Open sourceMicrosoft Data Center Power Outage Disrupts Windows 11 Updates and Store Functionality
cybersecuritynews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Service Disruptions Impact Microsoft 365 and Amazon Customer Transactions
Microsoft reported a **Microsoft 365 service disruption in North America** that affected access to multiple services, including the **Microsoft 365 Admin Center**, limiting administrators’ ability to manage users and view service health/security posture. Microsoft’s investigation, tracked via the Microsoft 365 admin center and service health communications, pointed to a likely **Content Delivery Network (CDN) configuration issue** as the root cause, with engineers iterating through telemetry review and narrowing the suspected trigger to CDN configuration. Amazon also experienced a **partial outage** affecting customer shopping workflows, with widespread user reports of problems loading product pages, using the mobile app, and especially **checkout/add-to-cart** functionality across major US cities. Amazon acknowledged the disruption publicly and stated it was working to resolve the issue, while the underlying cause was not yet confirmed at the time of reporting.
Mar 21, 2026
Microsoft 365 Disruptions: Exchange Online False-Positive Phishing Blocks and Microsoft Teams Service Degradation
Microsoft reported a Microsoft 365 security-service failure in which **Exchange Online** anti-phishing heuristics incorrectly classified thousands of legitimate URLs as credential-phishing, leading to quarantined emails, blocked link access, and removal of messages via automated actions (including ZAP) across **email and Microsoft Teams**. The incident (tracked as `EX1227432`) ran from Feb 5 to Feb 12 and generated false XDR-style alerts such as “potentially malicious URL click was detected”; Microsoft attributed the impact to a **logic error** in newly updated heuristic detection, with additional tooling and a separate signature-system bug compounding and delaying rollback. Separately, Microsoft also worked an active **Microsoft Teams** outage/service degradation (tracked as `TM1233974`) affecting some users in the **United States and Europe**, with delays/failures sending and receiving chats that include inline media and issues joining meetings or signing in. A third item—abuse of **Atlassian Jira Cloud** notification emails to deliver localized scam lures and redirect victims to casino/investment fraud—describes a distinct threat campaign unrelated to the Microsoft 365 incidents and should be treated as a separate story.
Mar 21, 2026
Microsoft 365 Service Incident and Separate Windows/Outlook Update Issues
Microsoft reported a service incident impacting **Microsoft 365** core services, with users experiencing connectivity issues and service degradation across **Exchange Online**, **Microsoft Teams**, and the broader M365 suite. The incident was tracked as `MO1220495`, with Microsoft stating it was still in the *investigating/diagnostic* phase and providing no estimated time to resolution; organizations were directed to monitor the Microsoft 365 Service Health Dashboard for tenant-specific impact details. Separately, Microsoft published guidance for a client-side stability issue where the classic **Outlook desktop** app can freeze/hang after installing recent Windows security updates (notably `KB5074109`, and also `KB5073724`), particularly affecting POP accounts and scenarios where Outlook `PST` files are stored on cloud-backed storage such as **OneDrive**. Recommended mitigations included using webmail, moving `PST` files off OneDrive, or uninstalling the problematic updates while Microsoft investigates. A third item describing “Microsoft data breach” and “zero-day vulnerabilities” is largely a repackaged Patch Tuesday/vulnerability roundup and does not substantively align with the M365 service incident or the Outlook-freeze regression.
Mar 21, 2026