Thousands of Microsoft 365 users were unable to sign into Outlook or access Copilot on Friday after a routing configuration change triggered a widespread outage. The disruption, which began just after 7:00 a.m. UK time, also affected other parts of the productivity suite, leaving businesses and individuals scrambling for workarounds.
Microsoft’s service health dashboard lit up with alerts for multiple services, confirming that many users could not authenticate or complete key tasks. For a company that has bet heavily on artificial intelligence integration, the simultaneous loss of Copilot was particularly acute.
What exactly broke?
The outage traced back to a faulty routing configuration in Microsoft’s networking infrastructure. Routing tables dictate how data packets flow between servers and clients, and a misapplied change redirected authentication traffic into a dead end. Instead of reaching the login service, requests timed out or were rejected, making it impossible for users to prove their identity.
The blast radius was broad. Exchange Online, which powers Outlook on the web and desktop syncing, was affected. Copilot, which depends on authenticated calls to its backend, stopped working across applications including Word, Excel, and PowerPoint. Other Microsoft 365 services that rely on the same authentication backbone — such as SharePoint Online and Teams — were degraded for many customers, though some users reported sporadic access if they already possessed cached credentials.
Error messages varied. Some users saw a generic “Something went wrong” screen during sign-in; others encountered HTTP 500 errors when trying to load Outlook on the web. Desktop applications prompted repeatedly for passwords but could not connect. The outage was global, but Europe and the UK bore the initial wave, as the timing coincided with the start of the business day there.
Microsoft classified the incident as a “Service Degradation” and later updated its advisories to confirm that a routing change introduced earlier in the day was the culprit. Engineers rolled back the change and began monitoring recovery, but because cached DNS entries and authentication tokens take time to expire, the restoration was gradual.
What it meant for you
For everyday users
If you were locked out of your email or suddenly lost Copilot assistance mid-task, the frustration was real. The outage mainly blocked new sign-ins. Anyone already signed in — for example, with a persistent desktop Outlook session that had a valid token — might have retained partial access to cached mailboxes, but sending new messages or syncing calendar updates often failed. Mobile apps, which sometimes use different routing paths or cached tokens, were slightly more resilient for some, though not universally.
Savvy users who checked Downdetector or Twitter saw reports spiking within minutes. The lesson: when a cloud service goes dark, there’s little you can do except wait — or switch to a local backup.
For business users and IT admins
Organizations that depend entirely on Microsoft 365 for email and collaboration were stuck. Help desks fielded calls from employees who could not log in, reset passwords needlessly, or worried about security breaches. The core headache: no amount of local troubleshooting could fix it. Restarting the computer, clearing the browser cache, or reinstalling Office did nothing because the problem lived inside Microsoft’s data centers.
The recommended admin workaround, according to Microsoft’s guidance, was to use alternative access methods that bypassed the affected routing — though these were hit-or-miss. Some admins directed users to the Outlook mobile app with cached credentials, while others advised temporarily switching to basic authentication clients (where still enabled). For Copilot-dependent workflows, the workaround was nonexistent; the AI assistant simply went offline.
Beyond the immediate disruption, the incident reignited the perpetual debate about single-vendor cloud lock-in. The outage was out of admins’ control, with no SLA-busting quick fix. It underscored the value of offline access configurations, such as cached Exchange mode with a large local data file, and the importance of diversified communication channels for when Teams itself becomes unavailable.
How the drama unfolded
A timeline of the outage, based on user reports and Microsoft’s staggered acknowledgments:
- 7:00 a.m. UK time (2:00 a.m. ET): The first signs appear. Users in the UK and Europe begin posting on social media about Outlook sign-in failures. Downdetector graphs start climbing.
- Approximately 8:00 a.m. UK time: Microsoft posts an initial service health advisory under incident ID, acknowledging “limited impact” to Exchange Online.
- Mid-morning: The advisory expands to include Copilot and other services. The scope becomes clearer — this is not just email.
- Late morning: Microsoft identifies the root cause as a routing configuration change. Engineers begin a rollback.
- Early afternoon: Service restoration begins patchily, with some regions and tenants recovering faster than others. Authentication caches and DNS propagation cause a staggered return to normal.
This isn’t the first time a routing tweak has paralyzed Microsoft 365. Historical parallels include the February 2023 Azure AD outage that also blocked sign-ins worldwide, and a September 2024 incident where a network configuration change cascaded into a multi-hour latency spike. Each recurrence highlights the delicate balance between frequent cloud updates and the risk of a single change breaking everything.
What to do now
If you’re still experiencing lingering effects — some users may find their clients stuck in a broken state even after the service recovers — try these steps:
For everyone:
- Check the official status page (status.office.com) or the @MSFT365Status handle on X to confirm the service is back.
- Sign out of all Office apps, clear your credential manager of any stale Outlook tokens, and sign in fresh. On Windows, use the “Clear credentials” option in the Mail control panel.
- If Outlook on the web won’t load, try an InPrivate or Incognito window to rule out corrupted session cookies.
- For persistent Copilot issues, restart the Office application—Copilot can occasionally hang after a service disruption.
For IT admins:
- Review the service health dashboard for a post-incident report (usually published within days). The report will detail the root cause, error codes, and any follow-up actions Microsoft is taking.
- Communicate to users that this was a cloud-side issue, not a local security threat. Over-zealous users might have changed passwords unnecessarily; expect some password reset requests.
- Verify that all your conditional access policies and authentication settings are intact. Although rare, a major routing change can sometimes interact with custom Azure AD configurations.
- Dust off your business continuity plans. If your organization suffered significant downtime, consider whether offline access policies (e.g., longer token lifetimes for managed devices) or a hybrid email routing solution would provide a safety net.
Outlook
Microsoft’s quick rollback restored most services within hours, but the underlying vulnerability remains: a single misconfiguration in a deeply interconnected system can knock access offline for millions. The company will likely publish a detailed root-cause analysis and promise improved change management guardrails—something it has done after past incidents.
The bigger picture: as Microsoft pushes Copilot deeper into Windows and Office, authentication resilience becomes even more critical. An outage that breaks both productivity tools and the AI assistant that supplements them is doubly disruptive. For users and IT decision-makers, Friday’s events are a stark reminder that no cloud is immune to human error. The smartest response isn’t to abandon the cloud, but to plan for its inevitable hiccups.