Microsoft: Office 365 is blocking emails from Google, LinkedIn domains

Microsoft is working on addressing an Office 365 issue that has resulted in legitimate emails sent from multiple domains (including Google and LinkedIn) getting tagged as malicious and quarantined.

"Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal," Microsoft says in the Microsoft 365 admin center.

"Some users see legitimate email quarantined/marked as malicious in Exchange Online Protection & Defender for Office 365."

Microsoft says the issue stems from an accidental block placed on valid and healthy domains, which resulted in legitimated emails inadvertently being quarantined.

We’re working to release the quarantined email messages. Further information can be found under MO255463 in the admin center.

— Microsoft 365 Status (@MSFT365Status) May 10, 2021

Emailing scenarios directly impacted by this ongoing issue include but are not limited to:

• Users may be unable to send or receive email from various domains. Some of the domains include Google and LinkedIn.
• Users may notice legitimate messages are getting quarantined.
• Users are unable to access links within emails as they're identified as risky.
• Users may get blocked from sending emails, if their messages were incorrectly detected as spam or phish.
• Admins might see delays in getting latest alert information and email information in Threat Explorer.
• Microsoft Defender may be receiving a large amount of erroneous alerts, which could result in overall latency navigating within the Microsoft Defender portal.

Furthermore, Microsoft Defender for Office 365 and Microsoft 365 Defender users should expect to see additional impact including:

• An increase in the number of URL-related alerts for non-malicious URLs.
• An increase in the number of Zapped Phish AIR investigations within Microsoft Defender for Office
• Legitimate Emails being marked as malicious within Threat Explorer.
• Delays in getting the latest email information within Threat Explorer.

"We've ran commands to unblock the URLs, which will mitigate impact for all new email messages and links within email messages," the company added.

"We're working to release the email messages that were quarantined, as well as investigating options to restore the health of the Microsoft Defender portal."

Update 1: Microsoft has fixed the bug that led to legitimate emails getting quarantine and is working on releasing messages already quarantined by mistake.

We've fixed the Defender portal issue by removing erroneous alerts. We also confirmed that new legitimate emails will not be quarantined. We're continuing our work to process existing messages in quarantine. More details under MO255463 in the admin center.

— Microsoft 365 Status (@MSFT365Status) May 10, 2021

Update 2: Microsoft processed all mistakenly quarantined emails and is now unblocking users still unable to send new messages.

We've completed reprocessing the incorrectly quarantined emails. We're working to unblock some users who are still unable to send new messages and we're addressing additional aspects of Microsoft Defender Portal functionality. More details under MO255463 in the admin center.

— Microsoft 365 Status (@MSFT365Status) May 10, 2021

Update 3: Microsoft has resolved the email quarantine issues and unblocked all affected users. Still working on fully restoring the Microsoft Defender Portal.

We've unblocked all identified users who were unable to send new messages, restored legitimate mail flow, and resolved email quarantine issues. We'll continue work to remediate affected portions of the Microsoft Defender Portal. Future updates under MO255463 in the admin center.

— Microsoft 365 Status (@MSFT365Status) May 10, 2021

This is a developing story ...