When the Microsoft 365 API integration method is used in an organization, if an email includes a calendar event, the event may be automatically added to the calendar of the recipient. If FortiMail Workspace Security then scans the email and finds it to be malicious, FortiMail Workspace Security will now attempt to remove the calendar event from the recipient's calendar.

For details on the configuration changes that may be required to enable this functionality, see Calendar Events.

You can now generate, send, and download Weekly Management Reports. Weekly Management Reports show an executive summary of the scans that were performed by FortiMail Workspace Security in your organization, during the specified week. 

To generate a Weekly Management Report, in FortiMail Workspace Security, select Insights > Periodic Reports, and then click Generate Report.

For additional details, see Configuring Management Reports.

Hello,

Zendesk has introduced new OAuth authentication requirements that replace legacy static API tokens. To remain compliant and ensure uninterrupted service, we are updating our Zendesk integration to use Zendesk’s new refreshable token mechanism.

What you need to do

If you currently have a Zendesk integration enabled, you must deactivate and then re-activate the integration from our console. This will migrate your account to the new authentication method.

Steps

1. Go to Settings
2. Navigate to Bundles and Channels
3. Select Zendesk
4. Click Deactivate
5. Then Reactivate the integration

Re-activating the integration will automatically generate and store the new OAuth tokens required by Zendesk.

Why this is required

• Zendesk is enforcing OAuth access and refresh token expiration.
• Static API tokens will no longer be supported.
• This change will become mandatory by January 31, 2026, after which the Zendesk integration will stop working if not updated.
• Your existing token will remain valid only for a short transition period.

Important

This step is mandatory and should be completed as soon as possible to prevent Zendesk scanning process issues.

If you have any questions or encounter issues during re-activation, please contact our support team.

Thank you for your prompt action.

During February 2026, we will implement a significant upgrade to the URL categorization and filtering functionality in FortiMail Browser Security. This enhancement is designed to provide you with more granular control and a higher degree of policy precision. For details, see Upcoming URL Categorization Changes – (February 2026).

We've added a new type of banner to FortiMail Workspace Security. You can now enable FortiMail Workspace Security to display "Financial banners" at the top of incoming emails. When this new functionality is enabled, a Financial banner will be added when financial information is detected in an email that is from a suspicious sender. The financial information is detected in the body of the email, or in .pdf attachments only. 

The default text of the financial banner is "Financial information was detected in this email. Please review this information carefully and verify its legitimacy before taking any action." 

By default, financial banners are not activated. For information about how to activate financial banners, see Activating and deactivating banners.

For more information about financial banners, see Financial Banners.

You can now configure FortiMail Workspace Security so that recommended remedial actions to "disable users" will be performed automatically when an ATO case is created. This applies only to cases that have been assigned a High severity. For details, see Configuring automatic remediation.

The new Threat Intelligence page in FortiMail Workspace Security shows a list of file hashes of various files that have been detected to be malicious in your organization. You can export [download] a list of these file hashes in .csv format. Thereafter, you can import the .csv file into applications such as FortiAnalyzer or FortiSIEM. For more information about this new functionality, see Threat Intelligence.

Each ATO case now includes ATO case remediation functionality. The functionality includes a set of tailored and clearly-defined suggested actions to perform to mitigate the case. In addition, tools are provided to perform the suggested actions, and to track the performance of these actions.

To access the new ATO Remediation functionality, click Security Operations > Account Takeover, select a case, and then click Remediate. To access the full ATO Remediation functionality, it may be necessary to request additional Microsoft 365 permissions for the remediation app. For more information about the new ATO Remediation functionality, see ATO Remediation.

Starting in the second week of January 2026, the FortiMail Browser Security extension will transition from "Perception Point" branding to "Fortinet" branding. This update affects visual elements only—functionality and security policies remain unchanged. For details, see Upcoming UI Changes – Fortinet Branding.

The new Partner Posture page in FortiMail Workspace Security lists well-known organizations that have been impersonated in malicious emails that were received by your organization during the previous 30 days. These malicious emails fall into the following impersonation categories: domain look-alike, visual similarity, or SPF failure. Each partner organization in the list is assigned a risk score (High, Medium, or Low). The risk score is an indication of the severity of the email-risk associated with the partner organization.

To access the Partner Posture page, click Security Operations > Partner Posture. For more information about the new Partner Posture page, see Partner Posture.