Multiple outages due to Microsoft 365 incident

Update timeline

1. identified Jan 22, 2026, 08:15 PM UTC

   We are aware of an ongoing incident with Microsoft 365 causing emails to not be received by Defend. This is resulting in emails not being delivered to inboxes. This outage is also resulting in the Phish Alert Button being unable to report emails. We are investigating this issue and will update this page when we have more information.

2. identified Jan 22, 2026, 08:36 PM UTC

   We are continuing to work on a fix for this issue.

3. identified Jan 22, 2026, 10:25 PM UTC

   We are continuing to work on a fix for this issue.

4. monitoring Jan 23, 2026, 08:24 AM UTC

   A fix has been implemented and we are monitoring the results.

5. monitoring Jan 23, 2026, 08:25 AM UTC

   Microsoft 365 services appear to have recovered. We are actively monitoring all dependent systems to ensure email flow and related functionality remain fully operational.

6. resolved Jan 23, 2026, 12:27 PM UTC

   This incident has been resolved.

7. postmortem Feb 02, 2026, 05:35 PM UTC

   On January 22, 2026, from approximately 19:30 \(UTC\) to January 23, 2026, at approximately 05:00 \(UTC\), a significant service disruption in Microsoft’s North American infrastructure triggered a series of service degradations across KnowBe4 products. This Microsoft service disruption primarily affected Exchange Online connectivity and the responsiveness of the Microsoft Graph API and the Office JS API. The incident created a two-fold impact on our environment. First, Microsoft’s SMTP relays began rejecting connections, which prevented our secure gateways from returning processed mail to customer environments. As a result, Defend and Protect began safely queuing messages and reached approximately 530,000 emails held in a secure retry state. Prevent also had partial disruptions in which moderation messages could not be transmitted. These disruptions led to delivery delays and triggered preconfigured default actions. While the SMTP relays were down, API instability also affected our suite of Microsoft Outlook add-ins. Both the Phish Alert Button \(PAB\) and the KnowBe4 Email Security add-in experienced functional failures and extreme latency because they could not retrieve necessary data from Microsoft’s backend to process reports and display security nudges. At the same time, the deployment center recorded failed installations for new customers, since the system-generated "handshake" that is required to verify transport rules was blocked by the same Microsoft relay failures. As Microsoft began restoring its North American services on January 23, 2026, at around 01:40 \(UTC\), our systems initiated automated recovery protocols. Using exponential backoff logic, our gateways began automatically clearing the mail queues. By 05:00 \(UTC\), the Defend and Protect services returned to full performance, queues were fully processed, and all deployment health checks for Defend and Prevent were confirmed successful. No data loss occurred as a result of this issue.