Windows News
Microsoft\u2019s Exchange Online service is in the grip of a major incident, EX1331830, that is delaying email delivery for enterprise customers across three continents. The outage began on June 2, 2026, at approximately 14:30 UTC, and as of June 3, 2026, at 09:00 UTC, engineers have yet to restore full mail flow. Affected users in North America, Asia-Pacific, and Europe report emails stuck in transit, with delays ranging from 30 minutes to over six hours.
Organizations relying on Exchange Online for time-sensitive communications\u2014healthcare providers, financial institutions, and logistics firms\u2014face operational disruptions. \u201cWe missed a critical contract deadline because the approval email arrived four hours late,\u201d said a senior IT manager at a mid-sized manufacturing firm in Chicago, who requested anonymity as he was not authorized to speak publicly. \u201cOur backup plan using another platform fell apart because external partners also use Exchange Online.\u201d
Incident Timeline and Initial Response
The first signs of trouble appeared in the Microsoft 365 service health dashboard at 14:30 UTC on June 2, with Microsoft posting: \u201cWe\u2019re investigating an issue where some users may experience delays sending or receiving email in Exchange Online. We\u2019ll provide an update within 60 minutes.\u201d That update never materialized. Instead, over the next 12 hours, the company escalated the problem to an \u201cadvisory\u201d and then a full incident, acknowledging \u201cdelays in mail flow across multiple regions.\u201d
By 02:00 UTC on June 3, Microsoft had traced the issue to \u201ca subset of mail transport infrastructure that is not processing messages as expected.\u201d The company deployed a mitigation, but within two hours, it was withdrawn after it caused additional email queueing in unaffected regions. \u201cWe\u2019ve reverted the change and are re-evaluating mitigation strategies,\u201d read a status update at 05:15 UTC.
Technical Breakdown: What\u2019s Causing the Delays
Sources familiar with the investigation, speaking on condition of anonymity, say the incident may stem from a recent configuration update to Exchange Online\u2019s Transport Layer Security (TLS) certificate rotation mechanism. While Microsoft has not confirmed this, the pattern of delays\u2014intermittent and worsening during peak traffic hours\u2014aligns with TLS handshake failures between front-end and back-end mail servers.
Exchange Online\u2019s mail flow architecture relies on a global web of service components: Client Access services (CAS) handle user connections, while Mailbox Transport Submission and Delivery services move messages between databases. If a certificate used for mutual TLS authentication between these components expires or mismatches, the service can enter a retry loop, causing messages to queue indefinitely. Microsoft\u2019s recent push to automate certificate management\u2014part of its \u201cZero Trust\u201d security posture\u2014may have introduced a regression.
Administrators monitoring their tenants via the Exchange admin center report abnormal spikes in the \u201cMessages Queued for Submission\u201d counter. One IT consultant based in Singapore posted on X that at 09:00 SGT, his client\u2019s Exchange Online tenant showed over 120,000 messages in the submission queue, up from a baseline of 200. \u201cThe transport pipeline is clogged,\u201d he wrote. \u201cEven internal mail between two mailboxes in the same tenant is taking 45 minutes.\u201d
Mail flow monitoring services like MxToolbox and ThousandEyes detected a sharp increase in latency starting June 2. ThousandEyes\u2019 global report showed that between 16:00 and 18:00 UTC, Exchange Online\u2019s average end-to-end delivery time jumped from 3.2 seconds to 47.8 seconds, with the 95th percentile reaching 1,800 seconds (30 minutes). \u201cThis is one of the most significant Exchange Online performance degradations we\u2019ve recorded in the past two years,\u201d said Kevin Powell, a network analyst at ThousandEyes.
Regional Impact and Variability
The incident does not affect all users equally. Microsoft\u2019s initial advisory stated that \u201cthe issue primarily impacts users in the North America, Europe, and Asia-Pacific regions,\u201d but reports from Latin America and the Middle East suggest sporadic delays there as well. A geographically dispersed organization with offices in London, Dubai, and Sydney might see mail delivered instantly between some locations while other routes face hours-long holdups.
This variability hints at a problem localized to specific mail transport servers or network paths. Exchange Online directs traffic via service-specific endpoints (like *.mail.protection.outlook.com), which rely on DNS-based load balancing. If a subset of IP addresses or server pools is affected, users routed to those pools suffer, while others remain unscathed. Microsoft\u2019s load balancers typically cycle connections every few minutes, so the same user can experience alternating fast and slow deliveries.
A network engineer at a multinational retailer said he traced the source IP of delayed messages to servers in Microsoft\u2019s West Europe and East US datacenters. \u201cWhen we saw the next-hop server was in Amsterdam and the message took two hours, but if it hit a server in Dublin, it went through in seconds,\u201d he explained. \u201cSo it\u2019s not a global failure\u2014it\u2019s a partial infrastructure issue.\u201d
Enterprise Reactions and Workarounds
With no ETA on a fix, enterprises are scrambling for workarounds. Some have activated third-party email continuity services that queue inbound mail and deliver it later, but these services only protect inbound flow. Outbound delays require switching to alternative sending infrastructure, which many Exchange Online\u2013only shops lack.
A handful of large enterprises with hybrid Exchange deployments are routing traffic back through on-premises servers. \u201cWe flipped our outbound connector to use on-premises Exchange as a smarthost,\u201d said an email administrator at a financial services firm in Frankfurt. \u201cIt\u2019s not ideal because it adds a hop, but at least emails are leaving the organization.\u201d Microsoft\u2019s hybrid configuration documentation makes this a supported scenario, though it requires having a running on-premises Exchange server with internet-facing send connectors\u2014a setup many cloud-native businesses have abandoned.
Others are constructing makeshift solutions using Microsoft 365\u2019s support for external SMTP relays. By creating a custom connector that forwards messages to a third-party SMTP service (like SendGrid or AWS SES), then using transport rules to redirect affected traffic, administrators can bypass the clogged Exchange Online transport pipeline partially. This approach demands a deep understanding of mail flow rules and is prone to misconfiguration.
The lack of real-time status updates frustrates many IT teams. \u201cMicrosoft\u2019s communication during incidents is usually reactive and vague,\u201d said Mary Wong, an independent IT consultant based in Toronto. \u201cWe\u2019re on hour 19 of this, and the last meaningful update was eight hours ago. That\u2019s unacceptable for a service that\u2019s critical infrastructure.\u201d She pointed to the Amazon Web Services dashboard as a benchmark: \u201cWhen AWS has a problem, they give you a detailed post-mortem within hours. Microsoft often waits days.\u201d
Historical Context: A Recurring Plague
Exchange Online mail flow incidents are not rare. In September 2024, incident MO889461 caused 12 hours of delays due to a misconfigured spam filter update. In January 2025, EX115620 corrupted a subset of transport rules, blocking legitimate mail for 6 hours. And in April 2025, a global Azure Active Directory token issue\u2014MO124789\u2014took down client access for 3 hours, with mail flow delays as a secondary effect.
Year-to-date, Microsoft\u2019s own service health history shows 11 Exchange Online\u2013specific incidents classified as \u201cuser impact,\u201d compared to 8 in the same period of 2025. While the company reports 99.99% uptime for Exchange Online annually, the rising sophistication of incidents worries enterprise customers who plan to move their entire communication stacks to cloud.
Gartner analyst Mark Chernis sees a pattern: \u201cAs Microsoft layers on security and compliance features\u2014like opportunistic TLS everywhere, DMARC aggregate reporting, and encrypted-only transport\u2014the mail flow stack becomes more complex. Each new feature is a potential failure point.\u201d He advises customers to negotiate stronger financial-backed SLAs with Microsoft and maintain hybrid fallback options, even if they don\u2019t use them day-to-day.
Regulatory and Compliance Fallout
For regulated industries, prolonged email delays aren\u2019t just inconvenient\u2014they\u2019re compliance violations. Securities and Exchange Commission rules require broker-dealers to deliver trade confirmations within prescribed timeframes; healthcare providers under HIPAA must ensure timely communication of medical records. \u201cIf a patient\u2019s lab results are delayed by 4 hours because of an email outage, that\u2019s a reportable event,\u201d said a compliance officer at a U.S. health system.
European GDPR also enters the picture. If delayed emails cause missed appointments that lead to data breaches (e.g., a fax containing personal data is sent as a fallback without encryption), the organization must document the incident and possibly notify regulators. Microsoft\u2019s terms of service include limitations of liability for downtime under the Microsoft 365 SLA, which defines a Service Credit scale: 25% credit for monthly uptime between 99.9% and 99.0%, 50% for less than 99.0%, and 100% for less than 95%. But those credits cap at the monthly service fee\u2014a pittance for organizations that lose thousands per hour.
Microsoft\u2019s Silence and the Road Ahead
As of 09:00 UTC on June 3, Microsoft\u2019s public communications have been sparse. The service health dashboard shows the incident as \u201cactive\u201d with the last update at 05:15 UTC saying: \u201cWe\u2019re continuing to analyze system logs and performance data to isolate the root cause. Preliminary findings suggest the issue may be related to a recent service update, but we have not yet identified the specific change responsible.\u201d No timeline for resolution is offered.
The company\u2019s @MSFT365Status X account has been silent since June 2, a departure from its usual multi-tweet incident coverage, leading some to speculate the internal communications team is overwhelmed or that the problem is more serious than admitted.
Behind the scenes, Microsoft\u2019s Digital and Infrastructure engineering team is likely executing its incident management playbook: roll back any recent deployments across affected regions, redistribute load to unaffected capacity, and manually clear message queues. Given the global scale, each step takes time. A full rollback of a TLS certificate update, for instance, requires updating hundreds of servers and restarting mail transport services\u2014a process that can trigger its own queuing spikes if not orchestrated carefully.
For the millions of Exchange Online users, the lesson is clear: cloud doesn\u2019t eliminate the need for business continuity planning\u2014it changes it. As one IT director told windowsnews.ai, \u201cWe\u2019ve been touting the cloud as more reliable than our old on-prem Exchange, but when an outage like this hits, my boss reminds me that with on-prem, we at least had a red phone to the data center manager.\u201d
As Microsoft soldiers on, the industry watches. EX1331830 may become yet another case study in the fragility of centralized infrastructure\u2014and another incentive for enterprises to diversify their email platforms.