Microsoft is investigating a persistent problem in Exchange Online that for weeks has caused intermittent access to mailboxes from the Outlook mobile applications and from the new Outlook client for macOS. According to the notices published in the admin message center, the company initially identified an infrastructure change, related to the introduction of a virtual account, as a possible source. It marked the incident as resolved in early April and soon afterwards reopened tracking under another identifier to continue the investigation. You can check the official notifications in the Microsoft admin center under notices EX1256020 and EX1268771.
In its most recent updates, the Exchange Online team indicates that one of the ongoing measures is to restart the service called Notification Broker in the affected parts of the infrastructure to mitigate impact while continuing a deeper analysis of the root cause. This type of restart is a common containment action: it restores delivery or synchronization capacity in the short term while engineers investigate why the component failed or behaved unexpectedly.

Microsoft has described the effect as intermittent, which complicates both detection and quantification of the actual reach. The company has not published precise public details about affected regions or the number of users affected during these weeks of problems, which is common when communications are managed mainly through the admin message center. If you want to better understand how and where Microsoft publishes this type of notice, its documentation on service status and the message center is available in the official help: Service health in Microsoft 365 and the message center for administrators.
This incident adds to a succession of recent setbacks in Exchange Online services that have affected different protocols and clients in recent months: early this month there was an interruption that prevented access to mailboxes and calendars from Outlook on the web, Outlook desktop, Exchange ActiveSync and other protocols, and login problems related to Office.com and Copilot web capabilities were also resolved. Other previous episodes included intermittent interruptions in IMAP4 and synchronization problems with classic Outlook clients. The frequency of these incidents underlines the operational complexity of maintaining a global cloud mail and synchronization service, especially when multiple client versions and protocols coexist with continuous changes in the platform.
For IT administrators and managers, the situation raises a number of practical concerns: the intermittent nature of the problem makes reproduction and diagnosis difficult, and the lack of public detail on scope may complicate communication to end users. While Microsoft continues its investigation, the usual recommendations include monitoring the message center and the status dashboard (for administrators) and, if appropriate, opening a Microsoft support case to speed up attention when the problem affects critical operations. Official documentation on incident management and how to escalate problems is available in the Microsoft 365 resources mentioned above.

If you are a user affected by mail access problems in Outlook mobile or in the new Outlook for Mac, there are temporary measures that are often useful: try to access the mailbox through Outlook on the web (OWA) to confirm that it is operational through another path, update the applications to the latest version, and, in specific cases, remove the account from the client and add it again. These actions do not solve the underlying cause in the cloud service, but they can reduce the impact while Microsoft applies its corrections.
Beyond the technical steps, this episode is a reminder that even large providers can suffer regressions when introducing changes in global services, and that transparency on scope and on progress toward resolution is vital for administrators and users to plan their responses. Maintaining local copies of critical data, designing continuity plans that account for temporary degradation, and using multiple access channels (web, mobile and an alternative desktop client) are practices that reduce operational vulnerability to such incidents.
I will be watching for new updates from the Exchange Online team and the Microsoft message center; if you want, I can follow the thread and let you know when there is a statement that details the root cause or the exact reach in terms of affected users and regions. As sources for real-time verification, see the Microsoft 365 status dashboard and the corresponding entries in the Microsoft admin center whose references appear at the beginning of this article.