Skip to main content
🦉
Message CenterMicrosoft 365 Updates
HomePermissionsTenant FinderM365 ReportPortfolio
🦉
M365 Message Centerby Cengiz YILMAZ

Track the latest updates, features, and announcements for Microsoft 365 services. Comprehensive archive of service updates and important changes.

Quick Links

HomePermissionsTenant FinderM365 ReportPortfolio

Connect

© 2026 M365 Message Center. Created with ❤ by Cengiz YILMAZ

Data sourced from Microsoft 365 Message Center • Not affiliated with Microsoft

  1. Home
  2. /
  3. MC1151684

Hard delete action now removes calendar entries from malicious meeting invite emails

Message ID

MC1151684
View in Admin Center

Services

Microsoft Defender XDR

Summary

Hard Delete now removes calendar entries from malicious meeting invites, closing a security gap by fully eradicating threats from inboxes and calendars. This update rolls out worldwide in September 2025 and GCC regions in October 2025, is on by default, and requires no user action.

Details

Introduction
Security Operations Center (SOC) teams rely on remediation actions like Move to Junk, Delete, Soft Delete, and Hard Delete to swiftly eliminate email threats from user inboxes. However, meeting invite emails have posed an additional challenge: even after the email is removed, Outlook automatically creates a calendar entry during delivery, which remains active and accessible to users.

This residual calendar entry can still contain malicious links or phishing content, creating a security gap. We’re closing that gap.

With this update, the Hard Delete action will now also remove the associated calendar entry for any meeting invite email. This ensures that threats are fully eradicated—not just from the inbox, but also from the calendar—reducing the risk of user interaction with potentially harmful content. Note that calendar entries manually created by users by adding .ics attachments to the calendar will not be deleted.

When this will happen

  • General Availability (Worldwide): Rollout will begin early September 2025 and is expected to complete by late September 2025.
  • General Availability (GCC, GCC High, DoD): Rollout will begin early October 2025 and is expected to complete by late October 2025.

How this affects your organization
Hard Delete actions will now automatically remove calendar entries created by malicious meeting invite emails. This reduces the risk of user interaction with phishing links or harmful content that may persist in calendar entries. Deleted calendar entries can only be recreated by resending the invite or manually by the user.

This change is on by default and requires no configuration.

What you can do to prepare
No action is required. We recommend informing SOC teams and security administrators of this enhancement to ensure awareness and alignment with incident response procedures.

Compliance considerations

Compliance area Explanation
Alters how existing customer data is processed, stored, or accessed Calendar entries created by meeting invite emails will now be automatically deleted when Hard Delete is applied, changing how calendar data is retained.
Modifies deletion workflows Hard Delete now includes calendar entry removal, extending its scope beyond email content.

Timeline

Published
Sep 11, 2025
Message published to Message Center
Updated
Sep 11, 2025
Message content updated
End Date
Dec 1, 2025
Message timeline ends

Tags

#Feature update#User impact

Category

Plan for Change

Related Messages

Similar updates

MC1155429

Microsoft Defender for Identity: New recommendations added to Microsoft Secure Score

Sep 18, 2025
MC1152320

Microsoft Defender for Office 365: Enhanced email entity page experience

Sep 12, 2025
MC1151683

Microsoft Defender for Identity | Detections improvements to reduce noise and improve accuracy

Sep 11, 2025
MC1166867

Microsoft Defender for Office 365: Enhancing the quarantine email preview experience

Oct 6, 2025
MC1171845

Microsoft Defender for Office 365: Enhancing the quarantine experience for administrators

Oct 13, 2025