🔴 Microsoft Exchange Online had a major global outage this week. Are you still seeing problems?

If your clients had email delays or failures earlier this week, here’s what happened.

Starting Tuesday, Microsoft’s Exchange Online suffered a serious mail flow failure, tracked as incident EX1331830. It blocked or severely delayed email delivery for enterprise users across North America, Asia-Pacific, and Europe.

Emails were stuck in transit for anywhere between 30 minutes and six hours. Engineers deployed a mitigation at 02:00 UTC on Wednesday, found it was making things worse, and had to roll it back. BleepingComputer

Microsoft traced the root cause to a subset of mail transport infrastructure that stopped processing messages as expected. Service was gradually restored, but the mail queue backlog meant some messages continued to arrive late well into the following day.

Did you see any impact from this? Hit reply and let us know.

🟡 Microsoft's MFA registration portal also went down this week…

Slightly different issue. On Monday, Microsoft’s My Sign-Ins portal (the page where users set up and manage their MFA methods) went down with 504 Gateway Timeout errors.

Users who needed to register MFA for the first time, reconfigure an existing method, or recover a lost authenticator couldn’t do any of it. New starters couldn’t complete onboarding and anyone locked out of their account couldn’t get back in. BleepingComputer

Microsoft blamed a cache configuration change and restored the service the same day after rolling back to the original infrastructure.

🟢 Do you believe this stat? 75% of MSPs were breached at least once last year

CyberSmart’s 2026 MSP Survey, based on 350 MSP leaders across the UK and Ireland, published last month with a finding that deserves more attention than it got. CyberSmart

• Three quarters of MSPs reported at least one breach in the past 12 months

• 54% were breached two or more times

• Nearly a third experienced three or more incidents

• And 59% of MSPs believe their clients are more at risk now than they were a year ago.

Of course, we know why attackers are targeting MSPs, because they want to access multiple organisations from one breach.

The good news in the same report: customer scrutiny of MSP security is stabilising as a baseline expectation. Investing in your own security is good for business in every way.

Right, that’s this week done. I don’t know about you, but we’re exhausted and need a beer tonight and a long sleep this weekend. Have a good one. We’ll be back in your inbox on Monday morning.