How to turn off unwanted notifications from Microsoft Viva Engage

2025-06-05

The security team CSIRT-CUNI quite often gets notifications about suspicious emails that look like this:

engage email

What’s suspicious about them:

What’s really going on:

Viva Engage is a web application that all employees and students have available through the Microsoft 365 service that Charles University pays for. It’s an internal social network like Facebook. All employees and students are members. They don’t have to register anywhere, they become members automatically, they don’t even have to know about the service’s existence.

The service emails its members notifications about various events, such as a new post in the community they are members of. But even if you’re not a member of any community and you don’t use Viva Engage, you can still get summary weekly reports of what’s new on the network. And those are the suspicious ones and it doesn’t request the emails.

Centrally, sending these notifications can’t be turned off, but everyone can/must turn them off themselves.

How to do this:

engage_loginpage

engage_settings

Finally, CSIRT-CUNI team wants to thank everyone who sends us suspicious email notifications. It’s valuable information for us, and caution is never enough!