All news with #exchange online tag

Reducing Abuse of Microsoft 365 Exchange Online Direct Send

🛡️ Cisco Talos warns that Microsoft 365 Exchange Online’s Direct Send feature, intended for legacy devices and line‑of‑business appliances, is being abused to bypass standard authentication and content inspection. Attackers are leveraging these unauthenticated SMTP flows in phishing and BEC campaigns by impersonating internal users and embedding obfuscated lures such as QR codes and empty‑body messages. Talos recommends a phased approach — inventorying dependencies, migrating devices to authenticated SMTP or partner connectors, and validating mailflows before enabling RejectDirectSend — to reduce risk without disrupting critical workflows.

Microsoft 365 Outage Disrupts Teams, Exchange, and MFA

⚠️ Microsoft is addressing an ongoing outage that is preventing users from accessing Microsoft 365 services, including Teams, Exchange Online, and the Microsoft 365 admin center. The incident is being tracked on the Service Health Dashboard and Microsoft is publishing updates on its Service Health Status page. The outage is also affecting Microsoft Entra single sign-on and Multi-Factor Authentication, with some users unable to receive MFA prompts or authenticate.

Microsoft Enables Default Auto-Archiving in Exchange Online

📥 Microsoft is enabling threshold-based auto-archiving by default for Exchange Online, moving the oldest items to users' archive mailboxes when primary mailbox usage approaches 90%, provided an archive is provisioned and has available space. The Managed Folder Assistant will continuously monitor mailbox sizes and archive until usage drops below the threshold. Rollout begins this month for public clouds and is scheduled for government clouds in November; users can tag items with the Never Move to Archive flag to prevent them from being archived. The change complements recent Defender for Office 365 updates that detect email bombing attacks.

Microsoft: Classic Outlook Crash Requires Support Ticket

🔧 Microsoft is investigating a known issue that causes classic Outlook on Windows to crash at launch for some Microsoft 365 customers. The vendor has not provided a public fix; affected customers must open a support case in the Microsoft 365 Admin portal so Exchange Online support can request a service change. Microsoft notes the error can stem from different causes but recent cases have involved user mailboxes, and it recommends capturing a Fiddler trace for triage. Temporary workarounds include using new Outlook for Windows or Outlook Web Access until mitigation is applied.

Microsoft Probes Exchange Online Outage in North America

⚠️ Microsoft is investigating an ongoing Exchange Online outage across North America that is preventing users from accessing mailboxes via any Exchange Online connection method. Customers have reported issues for more than six hours on DownDetector, with sign-in and server connection failures affecting Teams, Outlook, and Hotmail. Microsoft says it is reviewing telemetry and applying changes to optimize affected mailbox infrastructure while the root cause is still under investigation.

Microsoft anti-spam bug blocks URLs in Exchange, Teams

🔒 Microsoft is addressing a known anti-spam issue that has caused its service to incorrectly block URLs in Exchange Online and Microsoft Teams, and to quarantine some messages. The engine erroneously flags URLs embedded inside other URLs as malicious, creating alerts and preventing users from opening links that were already confirmed safe. Engineers deployed a fix to stop further quarantines and are unblocking over 6,000 affected URLs, but additional impacted links and residual message recovery remain under active remediation while a root cause analysis continues.