Listen to this Post
Microsoft is currently investigating an issue with Exchange Online where anti-spam systems are mistakenly quarantining emails for some users. The problem began approximately five hours ago at 10:11 UTC, as reported in the Microsoft 365 Admin Center. The incident has been marked as a critical service issue and is being tracked under the hashtag #EX1038119. While Microsoft has not yet disclosed the specific regions affected, the issue is significant enough to warrant immediate attention.
For more details, you can visit the official incident report: Microsoft Exchange Online Incident
You Should Know:
If you are an IT administrator or a user affected by this issue, here are some steps and commands to help you manage and potentially resolve the problem:
1. Check Quarantined Emails:
- PowerShell Command:
Use the following PowerShell command to list all quarantined emails in your Exchange Online environment:Get-QuarantineMessage -QuarantineTypes Spam, Phish, Malware
This command will help you identify emails that have been mistakenly quarantined.
2. Release Quarantined Emails:
- PowerShell Command:
To release a specific quarantined email, use:
Release-QuarantineMessage -Identity <MessageID> -ReleaseToAll
Replace `
3. Modify Anti-Spam Policies:
- PowerShell Command:
If you suspect that the anti-spam policies are too aggressive, you can modify them using:Set-HostedContentFilterPolicy -Identity Default -HighConfidenceSpamAction MoveToJmf -SpamAction MoveToJmf
This command adjusts the spam action to move emails to the Junk Mail Folder (JMF) instead of quarantining them.
4. Monitor Exchange Online Health:
- PowerShell Command:
To monitor the health of Exchange Online, use:
Get-ServiceHealth -ServiceName ExchangeOnline
This command provides real-time status updates on the service.
5. Check Service Health via Admin Center:
- Manual Steps:
- Log in to the Microsoft 365 Admin Center.
2. Navigate to Health > Service Health.
- Look for any ongoing incidents related to Exchange Online.
6. Update Your Incident Response Plan:
- Ensure your incident response plan includes steps for handling email quarantine issues. This should include communication protocols for affected users and a rollback plan if necessary.
What Undercode Say:
This incident highlights the importance of having robust monitoring and response mechanisms in place for cloud-based services like Exchange Online. IT administrators should regularly review and update their anti-spam policies to avoid false positives that could disrupt business operations. Additionally, leveraging PowerShell commands can significantly streamline the process of managing quarantined emails and monitoring service health.
Here are some additional Linux and Windows commands that can be useful in similar scenarios:
- Linux Command to Monitor Logs:
tail -f /var/log/mail.log
This command allows you to monitor email logs in real-time on a Linux server.
-
Windows Command to Check Network Connectivity:
ping outlook.office365.com
Use this command to verify network connectivity to Exchange Online.
-
Linux Command to Check DNS Resolution:
nslookup outlook.office365.com
This command helps you verify DNS resolution for Exchange Online.
-
Windows Command to Flush DNS Cache:
ipconfig /flushdns
Use this command to clear the DNS cache on a Windows machine.
Expected Output:
By following the steps and commands outlined above, you should be able to effectively manage and resolve issues related to mistakenly quarantined emails in Exchange Online. Regular monitoring and policy reviews will help prevent similar incidents in the future.
References:
Reported By: Phuong Nguyen – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
