Full Report
Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...]
Analysis Summary
# Incident Report: Classic Outlook Email Delivery Failures
## Executive Summary
Microsoft has confirmed a software defect in the Classic Outlook desktop client preventing users from sending emails via Outlook.com. The issue primarily impacts users with multi-account profiles or conflicting Global Address List (GAL) entries, resulting in "permission denied" error messages. While investigate continues, Microsoft has provided several manual workarounds to mitigate the service disruption.
## Incident Details
- **Discovery Date:** Reported/Acknowledged April 2, 2026
- **Incident Date:** Ongoing (Preceding April 2, 2026)
- **Affected Organization:** Microsoft (Outlook.com / Classic Outlook Users)
- **Sector:** Information Technology / Productivity Software
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** N/A
- **Vector:** Non-malicious; Software Logic Bug
- **Details:** This incident is not a security breach but a functional regression within the Classic Outlook application code.
### Lateral Movement
- **N/A:** No unauthorized lateral movement occurred.
### Data Exfiltration/Impact
- **Operational Impact:** Users are unable to send or reply to emails, receiving NDR (Non-Delivery Report) errors.
- **Error Codes:** 0x80070005-0x0004dc-0x000524.
### Detection & Response
- **How it was discovered:** Customer reports and internal telemetry.
- **Response actions taken:** Microsoft launched an investigation and published official workarounds, including address book modifications and profile isolation.
## Attack Methodology
*Note: This incident involves a technical fault rather than an external threat actor.*
- **Initial Access:** Software Update/Configuration conflict.
- **Persistence:** N/A.
- **Privilege Escalation:** False "Permission Denied" triggers despite valid credentials.
- **Impact:** Denial of Service (Communication).
## Impact Assessment
- **Financial:** Indirect costs related to lost productivity and increased support ticket volume.
- **Data Breach:** None; no data was compromised.
- **Operational:** High disruption for users relying on Classic Outlook for business communication via Outlook.com accounts.
- **Reputational:** Medium; adds to a series of recent Outlook-related stability issues.
## Indicators of Compromise
- **Behavioral indicators:**
- Error message: "This message could not be sent. Try sending the message again later or contact your network administrator."
- Error code: `[0x80070005-0x0004dc-0x000524]` logged during SMTP operations.
- Triggered when sending via Outlook.com from a profile linked to another Exchange account.
## Response Actions
- **Containment measures:**
- Recommended hiding Outlook.com contacts from the M365 Global Address List (GAL).
- Advised removing the M365 account Address Book from the Outlook client.
- **Eradication steps:** Microsoft engineering team currently developing a permanent software patch.
- **Recovery actions:**
- Advised users to utilize "New Outlook" or Outlook Web Access hxxps[://]outlook[.]com.
- Creation of dedicated Classic Outlook profiles for affected accounts.
## Lessons Learned
- **Key takeaways:** Configuration overlaps between different Exchange environments (M365 vs Consumer Outlook.com) in the same client can lead to permission-handling errors.
- **What could have been done better:** Improved regression testing for multi-account profiles within the Classic Outlook architecture during the update cycle.
## Recommendations
- **Prevention measures:** Ensure that organizational SMTP addresses do not conflict with personal Outlook.com contact addresses within the same tenant.
- **Update Management:** Closely monitor Microsoft 365 Service Health Dashboard for the deployment of a permanent fix and apply Outlook client updates as soon as they are available.