Users intermittently could not access Microsoft Copilot web and the m365.cloud.microsoft portal — including redirects from office.com and portal.microsoft.com — receiving HTTP 400 "Header Field Too Long" errors for approximately 81 hours. The root cause was a backend routing change that caused OAuth tokens to include oversized group membership claims, exceeding header size limits. Microsoft resolved the issue by rolling back the offending change and rerouting traffic through infrastructure supporting larger cookie sizes, with clearing browser cookies available as an interim workaround for affected users.
Trusted by 1,000+ teams
Stop finding out about outages from your users. Monitor 6,320+ cloud services and get alerted the second something breaks.
Title: Users are unable to access Microsoft Copilot web and m365.cloud.microsoft
User impact: Users were intermittently unable to access Copilot web and other pages that redirect to the m365.cloud.microsoft URL.
More info: Access eventually timed out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
The impacted URL was m365.cloud.microsoft and other URLs which redirect to this page, including but not limited to:
- office.com
- portal.microsoft.com
Users may have been using URLs such as office.com and the navigation Waffle to access M365 applications in the browser, such as Outlook. For this scenario, when the URL redirected to m365.cloud.microsoft they may have experienced impact, however, users could access M365 applications in the browser directly through the product’s specific URL (such as: outlook.office.com).
As a potential workaround, users could have used the desktop version of the Microsoft 365 applications. Additionally, users may have experienced temporary relief by refreshing the cache when trying to access through the browser.
Final status: We completed the traffic rerouting and have confirmed with previously impacted users that impact is now remediated.
Scope of impact: This issue could have impacted any user attempting to access Copilot web, or a URL which redirects to m365.cloud.microsoft.
Start time: Tuesday, July 7, 2026, at 5:00 PM UTC
End time: Friday, July 10, 2026, at 6:00 PM UTC
Preliminary root cause: A recent change which modified the route that back-end service calls take when users access the affected apps unexpectedly introduced impact.
Next steps:
- We're continuing to investigate why the offending change introduced impact and why it wasn't detected prior to deployment.
We'll provide a preliminary Post-Incident Report within two business days and a final Post-Incident Report within five business days.
Title: Users are unable to access Microsoft Copilot web and m365.cloud.microsoft
User impact: Users may be intermittently unable to access Copilot web and other pages that redirect to the m365.cloud.microsoft URL.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
The impacted URL is m365.cloud.microsoft and other URLs which redirect to this page, including but not limited to:
- office.com
- portal.microsoft.com
Users may be using URLs such as office.com and the navigation Waffle to access M365 applications in the browser, such as Outlook. For this scenario, when the URL redirects to m365.cloud.microsoft they may experience impact, however, users can access M365 applications in the browser directly through the product’s specific URL (such as: outlook.office.com).
As a potential workaround, users can use the desktop version of the Microsoft 365 applications. Additionally, users may experience temporary relief by refreshing the cache when trying to access through the browser.
Current status: We're proceeding with the traffic rerouting which we expect to fully remediate impact. We anticipate this process will complete by our next scheduled update.
Scope of impact: This issue could impact any user attempting to access Copilot web, or a URL which redirects to m365.cloud.microsoft.
Preliminary root cause: A recent change which modified the route that back-end service calls take when users access the affected apps unexpectedly introduced impact.
Next update by: Friday, July 10, 2026, at 8:00 PM UTC
We've completed the aforementioned rollback and as such, no new users will experience this issue and previously affected users are able to clear their browser cookies to mitigate impact.
We're continuing to pursue the traffic rerouting strategy which will allow for larger cookies and ultimately fully remediate this problem without users needing to take action.
This quick update is designed to give the latest information on this issue.
We're exploring a different fix which involves rerouting traffic through alternate infrastructure that can support the larger cookie size. We aim to pursue the most expedient fix option while ensuring no adverse impact is introduced.
This quick update is designed to give the latest information on this issue.
Title: Users are unable to access Microsoft Copilot web and m365.cloud.microsoft
User impact: Users may be intermittently unable to access Copilot web and other pages that redirect to the m365.cloud.microsoft URL.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
The impacted URL is m365.cloud.microsoft and other URLs which redirect to this page, including but not limited to:
- office.com
- portal.microsoft.com
Users may be using URLs such as office.com and the navigation Waffle to access M365 applications in the browser, such as Outlook. For this scenario, when the URL redirects to m365.cloud.microsoft they may experience impact, however, users can access M365 applications in the browser directly through the product’s specific URL (such as: outlook.office.com).
As a potential workaround, users can use the desktop version of the Microsoft 365 applications. Additionally, users may experience temporary relief by refreshing the cache when trying to access through the browser.
Current status: We are performing final validations to roll back the recent change we suspect is contributing to impact. This change modified the route that back-end service calls take when users access the affected apps. Once the rollback is initiated, we expect it to take approximately one hour to complete. We'll provide an update as soon as this process has started.
In parallel, our investigation into the oversized cookies and the underlying root cause is ongoing. We continue to pursue additional mitigation paths, including a fix to adjust the cookie size to expected thresholds.
Scope of impact: This issue could impact any user attempting to access Copilot web, or a URL which redirects to m365.cloud.microsoft.
Next update by: Friday, July 10, 2026, at 6:00 PM UTC
Title: Unable to access Microsoft Copilot web and the m365.cloud.microsoft URL
User impact: Users may be intermittently unable to access Copilot web and other pages that redirect to the m365.cloud.microsoft URL.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
The impacted URL is m365.cloud.microsoft and other URLs which redirect to this page, including but not limited to:
- office.com
- portal.microsoft.com
Users may be using URLs such as office.com and the navigation Waffle to access M365 applications in the browser, such as Outlook. For this scenario, when the URL redirects to m365.cloud.microsoft they may experience impact, however, users can access M365 applications in the browser directly through the product’s specific URL (eg outlook.office.com).
As a potential workaround, users can use the desktop version of the Microsoft 365 applications. Additionally, users may experience temporary relief by refreshing the cache when trying to access through the browser.
Current status: We’re continuing to analyze and test the rollback of the previously mentioned change. Additionally, we’re reviewing HTTP Archive format (HAR) files from impacted users to assist in identifying why specific chunks in the cookie size have increased above the allowed thresholds. In parallel, we’re testing some redirect configuration paths to reproduce the issue internally and gather additional diagnostics to assist our investigation.
Scope of impact: This issue could impact any user attempting to access Copilot web, or a URL which redirects to m365.cloud.microsoft.
Next update by: Friday, July 10, 2026, at 4:00 PM UTC
Due to the complexity of the change, we're performing detailed analysis and testing before starting the rollback, to ensure that reverting it would not cause impact.
This quick update is designed to give the latest information on this issue.
Title: Unable to access Microsoft Copilot web and the m365.cloud.microsoft URL
User impact: Users may be intermittently unable to access Copilot web and other pages that redirect to the m365.cloud.microsoft URL.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
The impacted URL is m365.cloud.microsoft and other URLs which redirect to this page, including but not limited to:
- office.com
- portal.microsoft.com
Users may be using URLs such as office.com and the navigation Waffle to access M365 applications in the browser, such as Outlook. For this scenario, when the URL redirects to m365.cloud.microsoft they may experience impact. Users can access M365 applications in the browser direct through the product’s specific URL (eg outlook.office.com).
As a potential workaround, users can use the desktop version of the Microsoft 365 applications. Additionally, users may experience temporary relief by refreshing the cache when trying to access through the browser.
Current status: We’ve identified a recent change that occurred around the time that impact was first reported. The change is related to URL redirects that occur for specific services after the authentication process completes. Out of an abundance of caution, we’re reverting this change as a potential expedited mitigation strategy, whilst in parallel, we continue to investigate the underlying cause.
Scope of impact: This issue could impact any user attempting to access Copilot web, or a URL which redirects to m365.cloud.microsoft.
Next update by: Friday, July 10, 2026, at 2:30 PM UTC
Quick: We're reviewing options to expedite the fix development and deployment. Additionally, we're reviewing options to revert a recent change we believe may be contributing to impact.
This quick update is designed to give the latest information on this issue.
Title: Unable to access Microsoft Copilot web and the m365.cloud.microsoft URL
User impact: Users may be intermittently unable to access Copilot web and other pages that redirect to the m365.cloud.microsoft URL.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
The main impacted URL is m365.cloud.microsoft, however, this issue will also impact other URLs that redirect to this page, including, but not limited to:
- office.com
- portal.microsoft.com
Users may be using URLs such as office.com and the navigation Waffle to access M365 applications in the browser, such as Outlook. For this scenario, when the URL redirects to m365.cloud.microsoft they may experience impact. Users can access M365 applications in the browser direct through the product’s specific URL (e.g. outlook.office.com).
As a potential workaround, users can use the desktop version of the Microsoft 365 applications. Additionally, users may experience temporary relief by refreshing the cache when trying to access through the browser.
Current status: After further investigations, we’ve confirmed that the Microsoft admin portal (admin.cloud.microsoft) is unaffected. The issue is limited to Copilot web (m365.cloud.microsoft) and other browser pages which redirect to this URL.
We're continuing to work on a fix that will remove the impacting code which requests the groups claim within the token. We’ll provide a further update shortly with more details on the development and deployment timelines.
Scope of impact: This issue could impact any user attempting to access Copilot web, or a URL which redirects to m365.cloud.microsoft.
Next update by: Friday, July 10, 2026, at 12:30 PM UTC
Title: Some users are intermittently unable to access the Microsoft 365 suite portal
User impact: Users are intermittently unable to access the Microsoft 365 suite portal.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
Current status: Our investigation into the authorization flow has identified that tokens utilized by OAuthentication contain a "groups" claim which includes group memberships for users attempting to authentication. We suspect that due to the inclusion of group memberships, this may be resulting in the generation of larger than expected headers, resulting in impact. We're working on a fix that would disable or remove the code which requests the groups claim within the token as a potential remediation, and working to confirm a timeline for fix deployment.
Scope of impact: Your organization is affected by this event, and some users are intermittently unable to access the Microsoft 365 suite portal.
Next update by: Friday, July 10, 2026, at 8:30 PM UTC
Title: Some users are intermittently unable to access the Microsoft 365 suite portal
User impact: Users are intermittently unable to access the Microsoft 365 suite portal.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
Current status: We're analyzing the authorization flow to understand why the generated large headers that are responsible for the associated error message are being created and are determining the next best steps for remediation.
Scope of impact: Your organization is affected by this event, and some users are intermittently unable to access the Microsoft 365 suite portal.
Next update by: Thursday, July 9, 2026, at 8:30 PM UTC
Title: Some users are intermittently unable to access the Microsoft 365 suite portal
User impact: Users are intermittently unable to access the Microsoft 365 suite portal.
More info: Access eventually times out with an error message stating, "Bad Request - Header Field Too Long. HTTP Error 400. A request field is too long."
Current status: We're investigating a potential issue with intermittent failures when accessing the Microsoft 365 suite portal and checking for impact to your organization. We'll provide an update within 30 minutes.
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 6320 services available
Integrations with