Hard delete action now removes calendar entries from malicious meeting invite emails
Hard Delete now removes calendar entries from malicious meeting invites, closing a security gap by fully eradicating threats from inboxes and calendars. This update rolls out worldwide in September 2025 and to GCC regions in October 2025, is on by default, and requires no user action.
Introduction
Security Operations Center (SOC) teams rely on remediation actions like Move to Junk, Delete, Soft Delete, and Hard Delete to swiftly eliminate email threats from user inboxes. However, meeting invite emails have posed an additional challenge: even after the email is removed, Outlook automatically creates a calendar entry during delivery, which remains active and accessible to users.
This residual calendar entry can still contain malicious links or phishing content, creating a security gap. We’re closing that gap.
With this update, the Hard Delete action will now also remove the associated calendar entry for any meeting invite email. This ensures that threats are fully eradicated—not just from the inbox, but also from the calendar—reducing the risk of user interaction with potentially harmful content. Note that calendar entries manually created by users by adding .ics attachments to the calendar will not be deleted.
When this will happen
- General Availability (Worldwide): Rollout will begin early September 2025 and is expected to complete by late September 2025.
- General Availability (GCC, GCC High, DoD): Rollout will begin early October 2025 and is expected to complete by late October 2025.
How this affects your organization
Hard Delete actions will now automatically remove calendar entries created by malicious meeting invite emails. This reduces the risk of user interaction with phishing links or harmful content that may persist in calendar entries. Deleted calendar entries can only be recreated by resending the invite or manually by the user.
This change is on by default and requires no configuration.
What you can do to prepare
No action is required. We recommend informing SOC teams and security administrators of this enhancement to ensure awareness and alignment with incident response procedures.
Compliance considerations
Compliance area | Explanation |
---|---|
Alters how existing customer data is processed, stored, or accessed | Calendar entries created by meeting invite emails will now be automatically deleted when Hard Delete is applied, changing how calendar data is retained. |
Modifies deletion workflows | Hard Delete now includes calendar entry removal, extending its scope beyond email content. |
Message ID: MC1151684