Abnormal Security Status

Resolved: Starting at 17:45 UTC on June 2, 2026, Abnormal experienced a service disruption affecting email detection and remediation for Inbound Email Security customers in the EU region. Additionally, between 18:00 UTC and 19:00 UTC, US customers experienced degraded AI Security Mailbox functionality. As of 19:20 UTC, all services have been restored and live traffic is processing normally across both regions. Abnormal is continuing to work through retry queues to reprocess any emails from the impacted window. If you experience any further issues, please reach out to our support team at [email protected].

Monitoring: Starting at 17:45 UTC on June 2, 2026, Abnormal experienced a service disruption affecting email detection and remediation for Inbound Email Security customers in the EU region. Additionally, between 18:00 UTC and 19:00 UTC, US customers experienced degraded attack detection and AI Security Mailbox functionality. Abnormal is now beginning to see recovery across impacted services. The engineering team continues to monitor as systems restore to full operational capacity. Any emails from the impacted window will be reprocessed. A further update will be provided once full recovery is confirmed.

Investigating: Starting at 17:45 UTC on June 2, 2026, Abnormal began experiencing a service disruption affecting email scoring, detection, and remediation for Inbound Email Security in the EU region. EU customers may experience emails not being analyzed or remediated during this time. The engineering team is actively investigating and working to restore full functionality. The next update will be provided within 1 hour or sooner as more information becomes available.

Resolved: Microsoft services have fully recovered from the degraded M365 sign-in audit log delivery, and Abnormal services have also recovered as of 09:41 UTC on May 30, 2026. Abnormal engineering has initiated a reprocess to ensure all Account Takeover detections from the impacted time window are properly processed. No sign-in data was lost during this event. If you experience any further issues, please reach out to Abnormal support at [email protected].

Identified: Microsoft has confirmed the root cause of the degraded M365 sign-in audit log delivery has been fixed and services are currently recovering. Microsoft estimates full recovery within approximately 7 hours. Once Microsoft services complete recovery, Abnormal expects Account Takeover detection to begin processing normally and will work through the backlog of sign-in events from this incident. No data has been lost. Abnormal will post a final resolved update once Microsoft confirms full restoration and backlog processing is complete.

Identified: Microsoft has confirmed that the degraded delivery of M365 sign-in audit logs was caused by a power event in their West US 2 datacenter, which began at 04:27 UTC on May 29, 2026. Microsoft has reported that their service is on a recovery path and is currently processing the accumulated backlog, including sign-in stream data. As a result, customers using Account Takeover detection with Microsoft M365 may continue to experience delays in the creation of detection cases based on sign-in activity until the backlog is fully consumed. No sign-in data has been lost, and Abnormal has adjusted processing to account for the delay and ensure no detections are missed. All other Account Takeover data sources continue to operate at full capacity. Abnormal will continue to monitor and provide a further update once Microsoft confirms full recovery. If you have any questions, please reach out to Abnormal support at [email protected].

Investigating: We are continuing to investigate this issue.

Investigating: Starting at 04:27 UTC on May 29, 2026, Microsoft is experiencing degraded delivery of M365 sign-in audit logs due to an issue on Microsoft's infrastructure. As a result, customers using Account Takeover detection with Microsoft M365 may see a delay of up to 90 minutes in the creation of detection cases based on sign-in activity. No sign-in data is being lost, and Abnormal has adjusted processing to account for the delay and ensure no detections are missed. All other Account Takeover data sources continue to operate at full capacity. Abnormal is actively monitoring the situation and will provide updates as it evolves. If you have any questions, please reach out to Abnormal support at [email protected].

Resolved: Starting at 17:45 UTC on June 2, 2026, Abnormal experienced a service disruption affecting email detection and remediation for Inbound Email Security customers in the EU region. Additionally, between 18:00 UTC and 19:00 UTC, US customers experienced degraded AI Security Mailbox functionality. As of 19:20 UTC, all services have been restored and live traffic is processing normally across both regions. Abnormal is continuing to work through retry queues to reprocess any emails from the impacted window. If you experience any further issues, please reach out to our support team at [email protected].

Monitoring: Starting at 17:45 UTC on June 2, 2026, Abnormal experienced a service disruption affecting email detection and remediation for Inbound Email Security customers in the EU region. Additionally, between 18:00 UTC and 19:00 UTC, US customers experienced degraded attack detection and AI Security Mailbox functionality. Abnormal is now beginning to see recovery across impacted services. The engineering team continues to monitor as systems restore to full operational capacity. Any emails from the impacted window will be reprocessed. A further update will be provided once full recovery is confirmed.

Investigating: Starting at 17:45 UTC on June 2, 2026, Abnormal began experiencing a service disruption affecting email scoring, detection, and remediation for Inbound Email Security in the EU region. EU customers may experience emails not being analyzed or remediated during this time. The engineering team is actively investigating and working to restore full functionality. The next update will be provided within 1 hour or sooner as more information becomes available.

Resolved: Microsoft services have fully recovered from the degraded M365 sign-in audit log delivery, and Abnormal services have also recovered as of 09:41 UTC on May 30, 2026. Abnormal engineering has initiated a reprocess to ensure all Account Takeover detections from the impacted time window are properly processed. No sign-in data was lost during this event. If you experience any further issues, please reach out to Abnormal support at [email protected].

Identified: Microsoft has confirmed the root cause of the degraded M365 sign-in audit log delivery has been fixed and services are currently recovering. Microsoft estimates full recovery within approximately 7 hours. Once Microsoft services complete recovery, Abnormal expects Account Takeover detection to begin processing normally and will work through the backlog of sign-in events from this incident. No data has been lost. Abnormal will post a final resolved update once Microsoft confirms full restoration and backlog processing is complete.

Identified: Microsoft has confirmed that the degraded delivery of M365 sign-in audit logs was caused by a power event in their West US 2 datacenter, which began at 04:27 UTC on May 29, 2026. Microsoft has reported that their service is on a recovery path and is currently processing the accumulated backlog, including sign-in stream data. As a result, customers using Account Takeover detection with Microsoft M365 may continue to experience delays in the creation of detection cases based on sign-in activity until the backlog is fully consumed. No sign-in data has been lost, and Abnormal has adjusted processing to account for the delay and ensure no detections are missed. All other Account Takeover data sources continue to operate at full capacity. Abnormal will continue to monitor and provide a further update once Microsoft confirms full recovery. If you have any questions, please reach out to Abnormal support at [email protected].

Investigating: We are continuing to investigate this issue.

Investigating: Starting at 04:27 UTC on May 29, 2026, Microsoft is experiencing degraded delivery of M365 sign-in audit logs due to an issue on Microsoft's infrastructure. As a result, customers using Account Takeover detection with Microsoft M365 may see a delay of up to 90 minutes in the creation of detection cases based on sign-in activity. No sign-in data is being lost, and Abnormal has adjusted processing to account for the delay and ensure no detections are missed. All other Account Takeover data sources continue to operate at full capacity. Abnormal is actively monitoring the situation and will provide updates as it evolves. If you have any questions, please reach out to Abnormal support at [email protected].