Microsoft cracks down on malicious meeting invites

Source: Help Net Security

Author: Sinisa Markovic

URL: https://www.helpnetsecurity.com/2025/11/25/enhance-microsoft-calendar-threat-protection/

Microsoft cracks down on malicious meeting invites

ONE SENTENCE SUMMARY:

Microsoft enhances Defender for Office 365 by linking Hard Delete to calendar entry removal and strengthening domain blocking.

MAIN POINTS:

1. Phishing attacks exploit calendar entries from auto-created Outlook invites.
2. Microsoft updates Defender for Office 365 to remove calendar entries via Hard Delete.
3. Security actions like Hard Delete now erase linked calendar items.
4. Update applies across security surfaces like Explorer, Advanced Hunting, and API.
5. Limitations include .ics files remaining untouched and reissued invites reappearing.
6. Domain blocking update simplifies blocking for repeated URLs from the same domain.
7. Changes streamline incident response for Security Operations Center (SOC) teams.
8. Update aligns email and calendar cleaning processes.
9. IT teams benefit from reduced follow-up tasks on calendar inquiries.
10. Enhancements help reduce phishing risks and alert noise.

TAKEAWAYS:

1. New update connects Hard Delete with calendar item removal.
2. Domain-wide blocking reduces repetitive URL handling.
3. Changes improve efficiency in phishing incident response.
4. Email and calendar entries now follow a unified cleanup process.
5. IT teams experience fewer follow-up inquiries about calendar discrepancies.