Check Point Email Security | Blog

How the Microsoft Outage Affects Email Security

Written by Jeremy Fuchs | January 25, 2023

Earlier, an outage hit Microsoft Office, causing disruption and delays across the business world. 

This outage delayed emails and other key activities for about five hours. Another thing it delayed? Scanning of emails by pure API-based solutions.

When a solution relies 100% on the Microsoft API, that means that they rely 100% on Microsoft. If Microsoft goes down, so do they.

Case in point: One status page for an API competitor said that email processing and remediation “may have experienced delays.” This occurred for a number of hours until Microsoft fixed the issue on their end.

Once the outage was fixed, the API solution had to rescan all the emails in that window.

So that means that, if you rely on these API-only solutions, then you were unprotected while Microsoft had delays. The average user receives 120 emails a day. Large enterprises receive millions of emails a day. Even for a few hours, that’s a lot of messages going unprotected. In general, it only takes about 82 seconds for users to take action on a phishing email. Now imagine if a phishing email is in the inbox for hours. 

Microsoft’s Graph API was not designed for implementing email security - it is not inline, it does not provide SLA on delivery/update times,  it will throttle the service to protect from load and will degrade performance if load does occur. In simple words - if it cannot guarantee performance during load or outages - it cannot scale for services that require a timely response.

Avanan was not affected by this issue because we connect to your email via API but process via SMTP. 

All the other API companies could say is that they “apologize for the inconvenience.”

Not having security is surely a huge inconvenience. And with the average phishing breach costing $4.91 million, according to IBM, not having security is an expensive inconvenience as well.