Outlook.com Outage Causes Sign‑In Failures for Millions of Users
What Happened – Microsoft confirmed an ongoing outage on Outlook.com that is intermittently preventing users from signing in, displaying “too many requests” errors and unexpected sign‑outs. The issue began early on April 27 2026 and remains under investigation, with Microsoft rolling back a recent change in an attempt to restore service.
Why It Matters for TPRM –
- Email is a core communication channel for most enterprises; prolonged access loss can disrupt business operations and delay critical workflows.
- Service‑level expectations for SaaS providers are a key contractual metric; outages may trigger breach of SLA clauses and affect vendor risk scores.
- Unexplained outages can mask underlying security incidents; continuous monitoring is required to differentiate between operational and malicious causes.
Who Is Affected – Cloud‑based email users across all industries; primarily SaaS customers of Microsoft 365 and Outlook.com.
Recommended Actions –
- Review your organization’s reliance on Outlook.com for critical communications and assess SLA compliance.
- Activate contingency email routing (e.g., alternate mail providers or on‑premises gateways) while the outage persists.
- Increase monitoring of sign‑in telemetry and error rates for any third‑party email services.
Technical Notes – The outage is attributed to a “recently introduced change” in the Outlook.com service stack; no specific vulnerability or CVE has been disclosed. Users encounter HTTP 429 “too many requests” responses, suggesting rate‑limiting or backend throttling issues. Source: BleepingComputer