Outlook: Insert signature into calendar events

🚨 The Signal: Users can now manually insert email signatures into Outlook calendar events. This change introduces a potential vector for information disclosure or social engineering if not managed, as signatures often contain sensitive contact or branding information.

The Impact

End users are affected by new signature capabilities in calendar events, creating a low security risk of unintended information disclosure.

• End users: Risk of inadvertently sharing sensitive contact details.
• Security teams: Need to ensure signature policies cover calendar events.
• Compliance teams: Potential for non-compliant data sharing via signatures.

The Action

1. Review existing Exchange Online transport rules for signature enforcement to ensure they apply to calendar items if required.
2. Communicate updated acceptable use policies to end-users regarding signature content in calendar events.
3. Consider implementing or updating organization-wide signature policies via Exchange Online cmdlets (e.g., New-TransportRule, Set-TransportRule) to standardize content.

Domain: Exchange · Impact: low · Workload: Exchange Online