By Sinisa Markovic
Publication Date: 2025-11-25 10:14:00
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a quiet opening for attackers.
Microsoft has updated Defender for Office 365 so that security teams can now remove those leftover calendar entries when they perform a Hard Delete. Microsoft also added stronger domain blocking for phishing links.
Attackers have been sending harmful meeting invites because Outlook often auto creates a calendar entry. Even if a security team deletes the email, the calendar entry can stay in place. Users sometimes click invitations directly from the calendar without noticing the source. Microsoft’s update closes this gap by connecting Hard Delete to the removal of the linked calendar item.
“SOC teams currently use remediation actions such as Move to Junk, Delete, Soft Delete, and Hard Delete to quickly eliminate email threats from user inboxes,” said Nithin Nara, a Senior…
