How to turn off unwanted notifications from Microsoft Viva Engage

2025-06-05

The security team CSIRT-CUNI quite often gets notifications about suspicious emails that look like this:

engage email

What’s suspicious about them:

the sender is an employee or student of the university by name, but the sender’s address is noreply@yammer.com
in the email there’s a link to the “Viva Engage” web application that requires login
the recipient has not registered anywhere and has not requested to send these emails

What’s really going on:

Viva Engage is a web application that all employees and students have available through the Microsoft 365 service that Charles University pays for. It’s an internal social network like Facebook. All employees and students are members. They don’t have to register anywhere, they become members automatically, they don’t even have to know about the service’s existence.

The service emails its members notifications about various events, such as a new post in the community they are members of. But even if you’re not a member of any community and you don’t use Viva Engage, you can still get summary weekly reports of what’s new on the network. And those are the suspicious ones and it doesn’t request the emails.

Centrally, sending these notifications can’t be turned off, but everyone can/must turn them off themselves.

How to do this:

sign in to Viva Engage via https://engage.cloud.microsoft
go to settings (top right corner)

engage_loginpage

choose Notifications in the settings and then turn off what you don’t want to receive - mainly news reports from groups you’re not a member of, i.e. “Daily digest” and “Weekly digest”

engage_settings

Finally, CSIRT-CUNI team wants to thank everyone who sends us suspicious email notifications. It’s valuable information for us, and caution is never enough!